Process control system with on-line reconfigurable modules

ABSTRACT

An integrated system for process control in which a process supervisor procedure (which is preferably the top-level procedure) is configured as a modular software structure with modules which can be revised by a user at any time, without significantly interrupting the operation of the process supervisor. Users can define or redefine modules by editing highly constrained templates. These templates use a standardized data interface (as seen by the user), which facilitates communications with an extremely wide variety of systems. The template set preferably contains highly constrained portions (which are optimized for the most common functions), and also contains pointers to user-customized functions. Thus, rapid set-up and modification are possible, but sophisticated users still have full flexibility to do customization.

A portion of the disclosure of this patent document contains material which is subject to copyright projection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever.

CROSS-REFERENCE TO OTHER APPLICATIONS

The following applications of common assignee contain some common disclosure, and are believed to have effective filing dates identical with that of the present application;

EXPERT SYSTEM WITH NATURAL-LANGUAGE RULE UPDATING filed Sept. 30 1987: Ser. No. 103,050;

EXPERT SYSTEM WITH THREE CLASSES OF RULES filed Sept. 30, 1987; Ser. No. 102,832;

PROCESS CONTROL SYSTEM WITH RECONFIGURABLE EXPERT RULES AND CONTROL MODULES filed Sept. 30, 1987: Ser. No. 103,014;

PROCESS CONTROL SYSTEM WITH ACTION LOGGING filed Sept. 30, 1987: Ser. No. 103,118;

and PROCESS CONTROL SYSTEM WITH MULTIPLE MODULE SEQUENCE OPTIONS filed Sept. 30, 1987: Ser. No. 103,124.

BACKGROUND OF THE INVENTION

1. The present invention relates to expert systems (also known as knowledge-based systems), to process control systems, and to hybrids thereof.

2. Discussion of Related Art

Various known teachings which are believed to be related to various ones of the innovations disclosed in the present application will now be discussed. However, applicant specifically notes that not every idea discussed in this section is necessarily prior art. For example, the characterizations of the particular patents and publications discussed may relate them to inventive concepts in a way which is itself based on knowledge of some of the inventive concepts. Moreover, the following discussion attempts to fairly present various suggested technical alternatives (to the best of applicant's knowledge), even though the teachings of some of those technical alternatives may not be "prior art" under the patent laws of the United States or of other countries. Similarly, the Summary of the Invention section of the present application may contain some discussion of prior art teachings, interspersed with discussion of generally applicable innovative teachings and/or specific discussion of the best mode as presently contemplated, and applicant specifically notes that statements made in the Summary section do not necessarily delimit the various inventions claimed in the present application or in related applications.

Process Control Generally

To compete in global markets, manufacturers must continually improve the quality and cost of manufacture of their products. They must do this in the face of changing market needs, changing raw materials costs, and reduced staffing Automatic computer control of the manufacturing process can play an important part in this, especially in the chemical process industry. Most process plants already have the basic automatic regulating controls (low level controls) needed to control the plant at a given operating point. These provide the foundation for higher level supervisory controls (referred to here as supervisor procedures or supervisors) that seek to improve quality, reduce cost, and increase plant uptime by moving the plant to a different operating point. These changes can be made directly via the lower level controls, or indirectly via the plant operator.

Although supervisory controls have been in use for years, they have lacked a number of desirable features. To best improve quality and cost, a supervisor procedure should:

help control the quality of the end product;

reduce the cost of operating the plant;

help avoid unnecessary upsets or shutdowns;

work effectively with plant operators;

act in concert with standard operating procedures; and

be supportable by plant operating and support people.

To measure quality, a supervisor procedure should ideally have access to measurements of the basic properties of the product which affect its value and usefulness to the customer. Since most product properties measurements are sampled (and are measured in a laboratory), the supervisor should have access to a historical process database which can store these measurements as well the basic process data from the lower level control systems. Since sampled measurements and the process itself normally include some components of random variation, the supervisor should include statistical tests which can determine if a sequence of sampled measurements is varying normally around its aim value (i.e. is "on aim"), or has shifted significantly from aim (is "off aim").

To control quality, a supervisor procedure should have the capability to change the operating point of the process (via the lower level controls) when a measured property goes off aim. It should have the ability to act in response to new data or statistical tests, or to act at regular time intervals. It should also be able to preemptively change the operating point when basic conditions (such as plant production rate) change. It should allow a number of independent control objectives, and new ones should be easy to add. Since the process may use any number of different low level controllers, the supervisor should be able to communicate with all of them.

To work effectively with plant operators, a supervisor procedure should be understandable. It should carry out its control actions in a way that is natural and understandable to operators. It should provide enough information about its current state and its past actions for the operator to judge its performance. It should inform the operator when it acts (or chooses not to act), explaining how much action was taken, where it was taken, why it was done, and what effect it might have. Since the effect of actions taken to control quality and reduce cost can last longer than a single shift, it should provide a record of all its actions.

To act appropriately under all circumstances, to reduce operating costs in a way consistent with quality, to help avoid unnecessary upsets and shutdowns, and to take operating procedures into account, a supervisor should ideally include the logical decision making capabilities of expert systems. Because decisions will normally focus on a specific task or area, many independent expert systems should be allowed. The expert systems should have access to the many sources of process measurements, laboratory measurements, and control system parameters. They should be able to reason symbolically using that information, and to make their decisions take effect through communication and control actions. To work effectively, the supervisor should be able to control its expert system functions in concert with its other functions.

To be supported by plant personnel, the supervisor should be easy to use. It should allow common control actions to be set up easily, with a means of customizing less common functions. It should allow control actions to be changed easily. It should have a simple means of specifying the informative messages to be generated about it actions. Its expert systems should allow process knowledge to be entered, stored, and updated in a way that plant support people understand. It should provide a simple, appropriate knowledge representation which naturally includes data retrieval, symbolic reasoning, and effective means of implementing decisions in the plant. The knowledge structure should allow any authorized plant expert to enter knowledge, without restricting access to those who know computer languages or have memorized special rule structures.

The present invention addresses many of these concerns.

Normally supervisory control has been thought of separately from another higher level of control called optimizing control, which seeks to minimize operating cost. In some cases, the requirement to minimize variation in product properties (i.e. to improve product quality) is absolutely primary, so that cost optimization only be performed as an objective secondary to quality objectives. In this environment, use of classical optimization techniques to achieve cost optimization may not be possible. In other cases, it has been possible to integrate a balance of supervisory and optimizing control into the supervisor.

Modularity

Supervisory control systems using a modular structure are well known. For example, the Process Monitoring and Control-1000 (pMC-1000) control package marketed by Hewlett Packard is a modular control package which can function as a supervisory control system. PMC modules, called blocks, perform alarming and limiting, proportional/integral/derivative control, trending, driving an electrical output, running programs, and other functions Each block writes one or more output values into memory. To build PMC control structures, the user creates as many blocks as needed and links them to other block output values. A new runnable system must then be generated. Once the system is running, parameters such as gain constants can be changed, but the linking of blocks is fixed. PMC runs on a base time cycle, and blocks can only be scheduled to execute at multiples of the base cycle time. Although PMC maintains a historical database, it cannot be used for control, and does not effectively store intermittently sampled data. It is believed that there is no maximum number of blocks.

It is believed that some earlier discussion of the significance of modularity in process control software is found in Watson, "Process Control Using Modular Package Software," IEE Conference Publications number 102 (1973) (which is hereby incorporated by reference).

Historical Process Database

A database of historical process data is generally described in Hale and Sellars, "Historical Data Recording for Process Computers," 77 Chem. Eng'g Proqress 38 (1981) (which is hereby incorporated by reference).

Continuous Control Actions

In classical feedback and feedforward control, the prior art teaches that the best control results are achieved by making continuous changes to the process. In computer control, where cyclic operation forces changes to be made in discrete steps, many small, frequent steps are conventionally preferred. While in principle this gives the best possible control performance, such control actions are very difficult to visualize. In fact, it may be impossible to determine what actions have been taken by what control strategies, and how long the control strategies have been making changes. This makes it very difficult to judge whether control strategies are working properly, or even if they are working at all. This method of control also runs counter to the methods used by operators, who generally make a few significant changes and wait to see the effects.

In feedback control, the use of a deadband is a well known way of avoiding small actions caused by a noisy measurement. (That is, if the control variable falls within a specified deadband of values surrounding the goal value, the control value will not be manipulated.) This deadband, as is well known, helps to avoid instability in control systems. Statistical process control also tends to reduce the number of feedback control actions. However, neither technique is sufficient to make all control actions understandable, since some actions will not be considered noisy.

The use of a feedforward relation among control variables is also well known among those skilled in the art of process control. That is, in some cases, whenever one variable changes (e.g. if a particular control variable is manipulated for any reason), another variable will also be manipulated according to a predetermined relationship. For example, in a distillation process, it may be desirable to immediately decrease the heat input whenever the rate of feed of the crude feed stock is decreased. In feedforward control, a deadband is normally not used.

Control of Multiple Manipulated Variables

In many process control applications, several manipulated variables must be jointly controlled in a single control loop (e.g. in some relation to a single measured variable). A special (and very common) case of this is seen in many situations where a single manipulated variable can normally be used, but alternate manipulated variables should be used instead if the first-choice manipulated variable becomes constrained. When human operators optimally handle problems of this kind, their choice of which output to change will often be made heuristically, based on cost, quality, response dynamics, and process stability.

"Decoupling" is a conventional way of reducing multi-input multi-output problems to sets of single-input single-output problems. In decoupling, it is usually assumed that all of the manipulated variables should be changed.

A different but related problem arises when a number of manipulated variables ("knobs") can be changed to respond to a single measured variable. Operators often use a heuristic approach in choosing which knob (or knobs) to manipulate, and sometimes choose not to act. The heuristic approach may consider cost, quality, response dynamics, and process stability. It may include alternate knobs to be used when all of the preferred knobs are constrained. Classic control methods are not well suited to this approach.

Expert Systems Generally

The term "expert system" is used in the present application (in accordance with what is believed to be the general usage at present) to refer to a system which includes non-trivial amounts of knowledge about an underlying problem. Almost any control system which has been customized for a particular application might be argued to embody small amounts of relevant knowledge in its very structure, but the term expert system is generally used only for systems which contain enough accessible information that they can usefully supplement the knowledge of at least some (but normally not all) human users who must deal with problems of the type addressed. Expert systems at their best may serve to codify the expert knowledge of one person (a "domain expert"), so that that person's expertise can be distributed and made accessible to many less expert users who must address problems of a certain type. Some well-known successful examples include a medical diagnostic program (MYCIN) and a diagnostic program which assists mechanics working on diesel engines.

As these examples show, one very common area of application for expert systems has been fault diagnosis. Many other areas of application have been recognized; see generally Expert Systems (ed. R. Forsythe 1984) (which is hereby incorporated by reference); P. Harmon and D. King, Expert Systems (1985) (which is hereby incorporated by reference); and Donald Waterman, A Guide to Expert Systems (1984) (which is hereby incorporated by reference).

Knowledqe Input and Updating

One of the very general problems in the area of expert systems is how knowledge is to be gotten into an expert system in the first place. That is, specialists in artificial intelligence often assume that a "knowledge engineer" (that is, a person who is experienced and competent in the specialized computer languages and software commonly used for artificial intelligence applications) will interview a "domain expert" (that is, a person who actually has expert knowledge of the type of problems which the expert system is desired to be able to address) to extract his expertise and program an expert system accordingly. However, there are some very important drawbacks to this paradigm. First, competent "knowledge engineers" are not readily available. In particular, the requirements of maintaining a real-world application (such as an expert system for chemical process control, as in the preferred embodiments disclosed below) are such that it is dangerous to rely on a sufficient supply of "knowledge engineers" to go through the iterations necessary to not only input the knowledge base reliably, but also maintain the software base once it is created.

The rapidly developing art of software engineering has shown that one of the key requirements for a large software system is that it be maintainable. Thus, for example, the software system must be set up so that, after the technologist who first puts together an expert system is gone, it can be maintained, modified, and updated as necessary by his successors.

Thus, one key problem in the area of expert systems is the problem of maintenance and updating. Especially in more complex real-world applications, it is necessary that a large software structure, such as that required for a sophisticated expert system, be maintainable. For example, in an expert control system, control strategies may be modified, new control strategies may be introduced, sensor and/or actuator types and/or locations may be changed, and the economic factors relevant to cost versus throughput versus purity tradeoffs may change. Normally, expert systems attempt to maintain some degree of maintainability by keeping the inference rules which the processor executes separate from the software structure for the processor itself. However, this normally tends to lead to a larger software structure which operates more slowly.

Specialists in expert systems also commonly assume that expert systems must be built in a symbolic processing environment, e.g. in environments using LISP or PROLOG. Even for complex processes, a single large knowledge base is usually assumed. The program which processes the knowledge therefore requires complex procedures for processing the knowledge base, and these are typically coded separately from the knowledge. This leads to large software structures which execute slowly on conventional computers. Specialized "LISP machines" are commonly recommended to speed up the inference process.

Expert System Knowledge Structures

Published material regarding knowledge based systems (expert systems) has proposed several classifications for the types of rules which are to be used. For example, U.S. Pat. No. 4,658,370 to Erman et al., which is hereby incorporated by reference, describes "a tool . . . for building and interpreting a knowledge base having separate portions encoding control knowledge, factual knowledge, and judgmental rules." (Abstract). The method described in this patent still appears to rely on the availability of a "knowledge engineer "This patent appears to focus on the application of an expert system as a consultation driver for extracting the relevant items of knowledge from a human observer. Knowledge is separated into factual knowledge such as classes, attributes, allowed values, etc., which describe the objects in the domain; judgmental knowledge, which describes the domain (and its objects) in the form of rules; and control knowledge describing the problem solving process to be used by the inference procedure in processing the knowledge. (The control knowledge has nothing to do with control of an external process.) This knowledge structure is designed to make the task of knowledge engineering easier, and to make the knowledge system and its reasoning during a consultation easier to understand. The knowledge base is written in a specialized programming language. This is a very powerful structure, which requires a very high skill level.

Expert system development tools which are designed to make the input of knowledge easier have been developed. U.S. Pat. No. 4,648,044 to Hardy, et al., describes "a tool for building a knowledge system . . . [which] includes a knowledge base in an easily understood English-like language expressing facts, rules, and meta-facts for specifying how the rules are to be applied to solve a specific problem". (Abstract). Although this tool is not as complex as some current expert systems tools, the knowledge must be entered in a rigidly structured format. The user must learn a specialized language before he can program the knowledge base. Despite some simplification in the development process, a fairly high skill level is still required.

Expert Systems for Process Control

Chemical processing plants are so complex that few people develop expertise except in limited areas of the process. Plants run around the clock, production rates on a single line are very high, and startup is usually long and costly, so improper operation can be very costly. It has also been found that, in a complex chemical processing plant, some operators can achieve substantially higher efficiencies than others, and it would be advantageous if the skill level of the best operators could be made generally available. Expert systems promise significant benefits in real-time analysis and control by making scarce expertise more widely available. However, application of expert systems in this area has not progressed as far as it has in interactive, consultative uses.

Integration of expert system software with process control software poses special problems:

First, there is the problem of how the software structure for an expert system is to be combined with the software for a process control system. Several expert systems which have been suggested for process control have used an expert system as the top-level supervisor procedure for the control system.

Second, as discussed above, many process control strategies have difficulty with situations where there are multiple control parameters (inputs to the process) which could be manipulated. That is, for processes which have only one primary control parameter (as many do), the problem of what value to set for that control parameter is in significant ways a much simpler problem than the question of which one or ones of multiple control parameters should be addressed, and in which direction.

It should also be noted that the use of an expert system to design a new process (or to debug a newly introduced process) has significantly different features from the problem of optimally controlling an existing process. Similarly, while expert systems have also been applied to the automatic distribution of jobs to multiple workstations through an automated materials handling system (an example of this is the DISPATCHER Factory Control System developed by Carnegie Group Inc.), the queuing problems presented by the allocation of different types of materials in batches to many parallel assembly workstations making different products are quite different from the problems in continuously operating single line processes, particularly chemical processes.

"RESCU"

The system known as "RESCU" resulted from a collaborative demonstration project between British government and industry. See, e.g., Shaw, "RESCU online real-time artificial intelligence," 4 Computer-Aided Engineering J. 29 (1987) (which is hereby incorporated by reference); and the Digest of the IEE Colloquium on `Real-Time Expert Systems in Process Control`, held Nov. 29, 1985 at Salford, U.K. (which is hereby incorporated by reference). From available information, it appears that this is a real-time expert system which was developed to provide advice on quality control in an detergent plant. The system searches for a hypothesis about the plant which is supported by process data, and uses it as the basis for advice. This system also uses a single knowledge base for the entire plant and thus requires complex inference control methods.

"Falcon"

"Falcon" is a fault diagnosis system for a chemical reactor, which monitors up to 30 process measurements and seeks to identify a set of up to 25 failures in the process. This was developed as a demonstration project between DuPont, the Foxboro Company, and the University of Delaware, and is described, for example, in D. Rowan, "Using an Expert System for Fault Diagnosis," in the February 1987 issue of Control Engineering, which is hereby incorporated by reference. See also "Troubleshooting Comes On Line in the CPI" in the Oct. 13, 1986, issue of Chemical Engineering at page 14, which is hereby incorporated by reference. This system required several man years of development, and because it is programmed in LISP, it has proven difficult to maintain the knowledge base through process changes.

"ONSPEC Superintendent"

The "ONSPEC Superintendent" (™), marketed by Heuristics Inc., is a real-time expert systems package which monitors data from the ONSPEC (™) control system. See Manoff, "On-Line Process Simulation Techniques in Industrial Control including Parameter Identification and Estimation Techniques," in Proceedings of the Eleventh Annual Advanced Control Conference (1985) (which is hereby incorporated by reference); and Manoff, "Control Software Comes to Personal Computers," at page 66 of the March 1984 issue of Control Engineering (which is hereby incorporated by reference). The "Superintendent" monitors for conformance with safety and control procedures and documents exceptions. It can also notify operators, generate reports, and cause control outputs.

""PICON"

The PICON (™) system, which was marketed by Lisp Machines, Inc. (LMI), was apparently primarily intended for real-time analysis of upset or emergency conditions in chemical processes. It can monitor up to 20,000 input process measurements or alarms from a distributed control system. It uses a single knowledge base (e.g. containing thousands of rules) for an entire process. To handle such a large number of rules, it runs on a LISP computer and includes complex inference control methods. PICON must be customized by a LISP programmer before the knowledge base can be entered. The domain expert then enters knowledge through a combination of graphics icons and Lisp-like rule constructions. See, for example, L. Hawkinson et al., "A Real-Time Expert System for Process Control," in Artificial Intelligence Applications in Chemistry (American Chemical Society 1986), which is hereby incorporated by reference, and the R. Moore et al. article in the May 1985 issue of InTech at page 55, which is hereby incorporated by reference.

Self-tuning Controllers

Another development which should be distinguished is work related to so-called "self-tuning controllers." Self-tuning single- and multiple-loop controllers contain real-time expert systems which analyze the performance of the controller (See "Process Controllers Don Expert Guises", in Chemical Eng'g, June 24, 1985). These expert systems adjust the tuning parameters of the controller. They affect only low-level parts of the system, and use a fixed rule base embedded in a microprocessor.

SUMMARY OF THE INVENTION

In this section various ones of the innovative teachings presented in the present application will now be discussed, and some of their respective advantages described. Of course, not all of the discussions in this section define necessary features of the invention (or inventions), for at least the following reasons: (1) various parts of the following discussion will relate to some (but not all) classes of novel embodiments disclosed; (2) various parts of the following discussion will relate to innovative teachings disclosed but not claimed in this specific application as filed; (3) various parts of the following discussion will relate specifically to the "best mode contemplated by the inventor of carrying out his invention" (as expressly required by the patent laws of the United States), and will therefore discuss features which are particularly related to this subclass of embodiments, and are not necessary parts of the claimed invention; and (4) the following discussion is generally quite heuristic, and therefore focusses on particular points without explicitly distinguishing between the features and advantages of particular subclasses of embodiments and those inherent in the invention generally.

Various novel embodiments described in the present application provide significant and independent innovations in several areas, including:

systems and methods for translating a domain expert's knowledge into an expert system without using a knowledge engineer;

software structures and methods for operating a sophisticated control system while also exploiting expert system capabilities;

generally applicable methods for controlling a continuous process; and

innovations, applicable to expert systems generally, which help provide highly maintainable and user-friendly experts.

Various classes of embodiments described herein provide a process control system, wherein a process which operates substantially continuously is controlled by a system which includes (in addition to a process control system which is closely coupled to the underlying process and which operates fairly close to real time, i.e. which has a maximum response time less than the minimum response time which would normally be necessary to stably control the underlying process) at least some of the following features:

(1) A supervisor procedure, which has a modular structure, and retrieves process measurements from the process control system (or other process data collection systems), passes control parameters to the process control system, and communicates with people. Preferably, the supervisor includes the capability for statistical process control. The supervisor preferably runs on a computer system separate from the process control system.

(2) The supervisor procedure can preferably call on one or more expert system procedures as subroutines. This is particularly useful in control applications where there are multiple possible manipulated variables, since the expert system(s) can specify which manipulated variable (or variables) is to be adjusted to achieve the end result change desired, and the supervisor system can then address simpler one-dimensional control problems.

(3) Preferably, at least some users can call on a build-supervisor procedure which permits them to define or redefine modules of the supervisor procedure by editing highly constrained templates. The templates use a standardized data interface (as seen by the user), which facilitates the use in control actions of data from a wide variety of systems. The templates in the available template set preferably contains highly constrained portions (which are optimized for the most common functions), and pointers to functions which can be customized by the user.

(4) Preferably, the build-supervisor user can also call on a build-user program procedure, which allows fully customized control functions to be programmed by sophisticated users. The build-user program procedure can also be used to create customized message generation functions. These can be used to generate messages describing the actions of the supervisor, and also to call other sub-procedures, such as the expert procedures.

(5) Preferably at least some users are also permitted to call on a build-expert procedure which can be used to construct an expert system. Knowledge is specified by user input to a set of highly constrained, substantially natural language templates. The templates use a standardized data interface (as seen by the user), which facilitates the use in the expert system of data from a wide variety of systems. The completed templates can then be compiled to produce a runnable expert system. Preferably, the user can also retrieve, examine, and modify the input from previously specified templates. Thus, an expert system can be modified by recalling the templates which specified the current expert system, modifying them, and recompiling to generate a new runnable expert.

(6) A historical process database advantageously standardizes the access to current and historical process data by the supervisor and expert procedures. This is particularly useful for collecting the results of laboratory characterizations over time of the underlying process.

Control of Continuous Processes

The goals in management of a substantially continuous process include the following:

(1) Maximizing quality: In the chemical process industry, it is important to reduce variation in measured properties of the product, and to control the average measured properties at specified aim values.

(2) Minimization of cost of manufacture: The process must be operated in a way that efficiently uses energy and feedstocks without compromising quality objectives. Upsets and inadvertent process shutdowns, which adversely affect quality and production rate, and reduce the total utility (fractional uptime) of the plant, are all costly and must be avoided.

Control of Multiple Manipulated Variables

As noted above, in many process control applications, several manipulated variables must be jointly controlled in a single control loop (e.g. in some relation to a single measured variable). A special (and very common) case of this is seen in many situations where a single manipulated variable can normally be used, but alternate manipulated variables should be used instead if the first-choice manipulated variable becomes constrained. When human operators optimally handle problems of this kind, their choice of which output to change will often be made heuristically, based on cost, quality, response dynamics, and process stability.

One novel approach to this problem (which is used in several of the preferred embodiments below) is to decompose the multiple-variable problem into a set of single-variable problems. An expert procedure is used to decide which control parameter(s) to adjust, and one or more from a set of single-input single-output procedures are used to make the adjustment(s). Not only does this facilitate quality, cost, and plant operability objectives, but it results in control strategies which act properly over a much wider range of conditions. Correct actions are taken, where conventional control methods would make no action or wrong actions. This improves the usefulness of the control strategy to the operator, and leads to higher use of the controls.

The various novel ideas described below are particularly advantageous in such multiple control parameter problems. In the presently preferred embodiment discussed below, a dimethyl terephthalate process (DMT) process is presented as an actual example to show the advantages achieved by the various novel ideas disclosed in this context.

Discrete Control Actions

As mentioned above, control systems that continuously change manipulated parameters are very difficult to monitor. Since operators depend on the supervisor procedure to maintain important product properties and process operating conditions, it is important that they be able to understand and judge supervisor performance. By restricting supervisor changes to a reasonably small number of significant discrete actions, supervisor performance becomes much more understandable.

One novel teaching stated in the present application is an integrated system for process control in which a process supervisor procedure (which is preferably the top level procedure) defines parameters for one or more control systems (or control procedures). The supervisor procedure changes control parameters only in discrete actions, and the thresholds for the decision to act are preferably made large enough (for each control parameter) that every action must be a significant change.

A related novel teaching herein is that every control action taken by the supervisor should be reported out to plant personnel in a substantially natural language message. Preferably, instances where action would be desirable but is not possible (because of constraints or other unusual circumstances) should also be reported. Preferably, a cumulative record of the messages is kept, and is available for review by operators and plant support people. Preferably, the message should report the time, amount, location, and reason for each action. Other relevant information, such as the time stamp of relevant sampled data, and the nature of statistical deviations from aim should preferably be included as well. Since every action is significant, and the number of actions is reduced, the cumulative record provides a meaningful record of supervisor performance.

This is particularly advantageous for systems where some of the relevant time constants are so slow that dynamic process responses last several hours (or longer). A new operator coming on duty at a shift change can use the cumulative record to judge what effects to expect from supervisor actions on the previous shift.

The use of a deadband in feedforward action is one novel means that is advantageously used to discretize supervisor actions. Feedforward action is taken only when the measured value changes by more than the deadband from its value at the last action. This generates a series of discrete changes in the manipulated variable, which can be effectively logged and evaluated by operators.

Statistical filtering of discretely measured values also serves to reduce control actions to a few significant changes. Statistical tests, as is well known, distinguish normal variation around the average from significant deviations from the average. In most cases, a number of measurements will be needed to indicate a deviation. By only acting on statistical deviations, relatively few, but significant, actions will result.

Expert Systems for Process Control

A general problem with expert systems is how the expert system software is to be integrated with process control software. Several expert systems which have been suggested for process control have used an expert system as the top-level supervisor procedure for the control system. However, several of the novel embodiments disclosed herein achieve substantial advantages by departing from this conventional structure. For one thing, if the expert system is the top level procedure, then it becomes more difficult to accommodate more than one expert in the system (or, to put this another way, the potential modularity of the expert system cannot be fully exploited). Thus, one significant advantage of several of the novel embodiments disclosed here is that use of more than one expert system within a single integrated system becomes much more advantageous.

Types of Process Control Systems

It should also be noted that the use of an expert system to design a new process (or to debug a newly introduced process) has significantly different features from the problem of optimally controlling an existing process. While various ones of the novel ideas disclosed herein may have significant applications to such problems as well, the presently preferred embodiment is especially directed to the problem of optimally controlling an existing operating process, and the various novel ideas disclosed herein have particular advantages in this context.

A significant realization underlying several of the innovations disclosed in the present application is that the structure of expert systems for process control applications can advantageously be significantly different from that of other expert system problems (such as consultative expert systems problems, in which a human is queried for information). The Hardy et al. and Erman et al. patents illustrate this difference. Consultative expert systems seek to substantiate one of a number of possible causes by interactively querying the user about the symptoms. Such systems must use complex knowledge representations and inference methods to minimize the number of user queries by carefully selecting the information they solicit. Moreover, since the user is not an expert, the system should be able to explain why it is requesting information.

In contrast, the real-time process problem is much simpler. The information needed by the expert is typically in the form of process measurements, which can be rapidly retrieved from process control and data systems without human intervention. There is much less need to minimize the requests for information. In fact, it may be faster to retrieve all the data that could be relevant to the problem than to determine what data is relevant. Moreover, since the experts will run automatically, there is no need to explain the reasoning during the inference process. As long as the rulebase is not too large, the process control expert can operate effectively using a simple "forward chaining" (or data driven) inference method. There is no need for the complex "backward chaining" procedures used in the consultative systems. Moreover, if a number of modular expert subprocedures are used within a single process, each expert tends to be smaller, and is more likely to work effectively in forward chaining mode. The presently preferred embodiment is especially directed to process control and monitoring, and the novel ideas disclosed herein have particular advantages in this context. However, various ones of the novel ideas may have significant applications to other problems as well.

It is believed to be a significant innovation to use expert system techniques to point to the direction of action in a multi-parameter control problem, as discussed above. One advantage is that the use of the expert permits more cases to be handled; for example, when one control parameter is up against its limits, the expert system can specify another parameter to be changed. The expert can also be especially advantageous in preventing a wrong action from being taken: in some types of processes it is conceivable that erroneous control strategies could potentially cause property damage or injuries, and the natural language inference rules of the expert (possibly combined with a more quantitative optimization scheme) can usefully ensure that this cannot happen. Thus, one advantage of various of the process control expert system embodiments disclosed in the present application is that they facilitate reliable implementation of a control strategy which (primarily) prevents a clearly wrong action from being taken, and (secondarily) permits minimizing costs.

In particular, it is especially advantageous to use a knowledge based (functional) structure where the rules are constrained to be of the three types described in the context of a process control application. The retrieval rules permit the predominantly quantitative sensor data (and other input data) to be translated into a format which is suitable for expert system application, and the control rules provide a translation back from expert system reasoning into an output which matches the constraints of the control problem.

The present invention is particularly advantageous in controlling processes which are substantially continuous, as distinguished from job shop processes. That is, while some computer-integrated manufacturing systems focus primarily on issues of queuing, throughput, statistical sampling of workpieces for inspection, etc., substantially continuous processes (such as bulk chemical synthesis and/or refining processes) typically demand more attention to issues of controlling continuous flows.

Expert Systems Generally

The present application contains many teachings which solve specific problems and offer corresponding advantages in the sub-class of expert systems used for process control, or even the sub-sub-class of expert systems used for control of substantially continuous processes. However, the present application also discloses many novel features which could be adopted into many other types of expert systems, and/or into many other types of control applications, while still retaining many (if not all) of the advantages obtained in the context of the presently contemplated best mode.

Similarly, while the present application describes numerous novel features which are particularly applicable to rule-based forward-chaining expert systems, some of the innovations described herein are believed to be very broadly novel, and could be adapted for use with other types of expert systems too.

Natural-Lancuaoe Rule Statements

One of the innovative teachings in the present application provides an expert system tool in which knowledge is entered into the knowledge base through a limited set of pre-defined, highly constrained, natural-language knowledge structures which are presented as templates. In typical previous expert systems, knowledge is coded in the strict syntactical format of a rule or computer language, which allows great flexibility in knowledge representation. The person entering the knowledge (hereafter referred to as the developer) must learn the syntax, must choose an appropriate knowledge representations, and must formulate syntactically correct input.

In contrast, by restricting the developer to constrained, pre-defined structures, the need to learn rule or language syntax and structure is eliminated. Moreover, if the number of such pre-defined knowledge structures is small enough, the total knowledge representation in the expert system can be easily understood. Thus, a knowledge engineer is not needed. The domain expert can enter the knowledge to build an expert system directly. The developer's input can then be translated automatically into an operational expert system. The developer need not be concerned with or aware of the specific language or system used to implement the expert.

Another innovative teaching is that the knowledge entered into the pre-defined natural-language structures is stored in substantially natural-language form. This permits the knowledge to be revised at any time in the form in which it was originally entered: the developer simply recalls the stored template information, modifies it, and stores the modified knowledge. This is also simple enough to be done by the domain expert. The modified knowledge can then be automatically translated into a modified operational expert.

Another significant advantage of several of the disclosed novel embodiments for creating an expert system is that the expert can be significantly more compact and faster in execution. This is achieved by integrating the expert system's rules with the code which performs the inference function. This allows many independent runnable expert systems to be created. Moreover, the ease and simplicity of knowledge updating can still be preserved by maintaining the natural language form of the knowledge. The knowledge base can easily be reviewed and modified without hindrance from the specific inference method used in the runnable system.

Another novel feature of several of the disclosed embodiments is the use of a standardized data interface (as seen by the user) in the knowledge templates, which facilitates the use in the knowledge base of data from a wide variety of systems. Expert systems are allowed to require data from process or laboratory measurements (both current and historical), or data collected from other sources (such as on-line analyzers), or data and parameters from the process control systems. A standard interface to all such data sources facilitates use of the data in expert systems, since domain experts usually lack the programming expertise that would otherwise be needed to access these data sources.

Expert System Rule Types

As mentioned above, previous expert systems tools normally use a rule or computer language which allows great flexibility in knowledge representation. One innovative teaching in the present application is the restriction of the knowledge structure within an expert system to rules of three highly constrained types. The three rule types are: (1) retrieval rules, which each assign one of several descriptors to a name in accordance with the values of numeric inputs; (2) analysis rules, which each can assign a descriptor to a name in accordance with the descriptor/name assignments made by other rules; and (3) action rules, which either execute or don't execute a command in accordance with the descriptor/name assignments made by other rules.

Preferably only the retrieval rules include numeric operations. Preferably only the action rules can enable execution of an external command (i.e. of a command which does not merely affect the operation of the expert procedure). Preferably each of the action rules requires only a logical test for the assignment of a descriptor to a name. Preferably none of the action rules can assign a descriptor to a name.

While this organization of an expert system's structure is especially advantageous in the context of a process control expert system, it can also be applied to other types of expert systems. In a process control system, the relevant inputs will normally be process data, laboratory data, or control system parameters. The relevant outputs will normally be executable procedures which affect the operation of control or supervisor systems, or communicate with operators or domain experts. This teaching could also be applied to expert systems generally, in which other input and output functions are more important.

For example, in consultative use, retrieval rules need not be confined to numeric inputs, but could accept the natural language descriptor/name assignments as input from the user. To better control the requests for input, such consultative retrieval rules could advantageously execute contingent upon a test for the previous assignment of a descriptor to a name.

In general, this structuring of the inference rules provides for a more understandable expert. The retrieval rules provide access to process and control system data, and translate from quantitative input data into a natural language form. The emulation of natural-language reasoning is concentrated as much as possible in the analysis rules, which capture knowledge in a form which might be used to communicate between domain experts. The action rules translate from the natural language inference process back to output procedures which are meaningful in the computer and control system being used.

Modular Organization

The organization preferably used for process control has substantial advantages. The top level procedure is a modular process supervisory controller. The supervisor modules allow flexible specification of timing and coordination with other modules. Modules carry out commonly used control functions, using data specified through a standard data interface, as well as calling user customized functions. User customized functions might generate messages, perform unusual control actions, or call expert system procedures. Using the build-supervisor procedure, users can define or redefine modules by editing highly constrained templates which include a standard data interface specification. The standardized data interface (as seen by the user) facilitates communications with an extremely wide variety of systems. Dynamic revision is achieved by storing the user input to the constrained templates as data in a storage area accessible to both the supervisor and build-supervisor procedures. The running supervisor examines the stored data to determine which functions have been specified for that module, and what data sources have been specified through the standard data interface. The supervisor then calls an appropriate modular function and passes the user-specified data.

This organization is especially advantageous in providing parallelism and branching in control strategies. That is, the modular organization of the presently preferred embodiment permits at least the following capabilities:

(a) control strategies for more than one independent control application can be defined and updated;

(b) control strategies for more than one lower level process control system can be defined and updated;

(c) alternative control strategies can be defined and stored, so that an expert system (or other software or user command) can switch or select between control strategies merely by selecting or "de-selecting" modules;

(d) timing and coordination of module functions is facilitated;

(e) multiple independent expert system procedures can be utilized within a single supervisor;

(f) more than one user can define control strategies by accessing different modules, simultaneously if desired.

Another innovative teaching herein is that each supervisor module (or, less preferably, less than all of the module types) should preferably contain a pointer to optional user-customized functions. These functions can be used to generate informative messages about module actions, or a sophisticated user can implement unusual or non-standard control functions, or other customization utilities (such as the build-expert procedure in the presently preferred embodiment) can be used to generate functions accessed in this manner.

This structure is "modular" in the sense that users can call up and modify the various blocks separately; but, as will be discussed below, the command procedures which perform the standardized block functions are not necessarily separate within the source code. That is, modularity is advantageously achieved by storing the template-constrained user inputs to each block as data; when the user wishes to modify the block, the data is translated back into corresponding fields in the template.

Preferably, one of the modular functions in the supervisor is statistical filtering. This is particularly useful in that statistical filtering can be introduced wherever it is advantageous, without requiring extensive custom programming by the users. As described above, statistical filtering is advantageous both for avoiding overreaction to insignificant changes, and also for aiding the understanding by plant operators by reducing the number of actions.

One of the novel teachings contained in the present application is that the use of statistical filtering helps to minimize the number of control parameter adjustments performed by the expert system, which in turn is very advantageous (as discussed below) in providing an understandable log of control actions taken.

Sequencing Modular Blocks

One innovative teaching herein is a system for process control having a modular supervisor procedure which includes novel module timing and sequencing methods. Users can preferably specify modules by editing highly constrained templates, which include several specifiers for methods to be used in controlling and coordinating module execution. Preferably the module timing options include: (1) execute module function at fixed time intervals; (2) execute module function when new data becomes available for a specified data source; (3) execute module function whenever another module executes; (4) execute module function only on programmatic request; and combinations of these. Preferably a standardized data interface is used to specify the data source for the second of these options.

Integration of Expert Procedures

The integration of expert systems into process control has been a challenging problem. Most previous attempts to use expert systems in process control have used LISP based expert systems running on a dedicated machine, often a symbolic processing machine. Usually only one expert system with a single large knowledge base is created for a process. Since the knowledge base could contain many rules, a complex knowledge representation and inference process are needed to make inferences fast enough for real-time use. The expert system typically runs independently, scheduling its own activities, and thus is effectively the "top level" procedure. Using a top level expert makes it more difficult to accommodate more than one expert system. (Another way to regard this area of advantage is to note that, without the inventions contained in the present application, the potential modularity of the expert system cannot be fully exploited.)

Several of the novel embodiments described herein achieve substantial advantages by using more than one expert system subprocedure within a single integrated system. Since expert decisions will normally focus on a specific task or area, the modularity of the problems can be exploited in the structure of the expert system. Also, if the experts run under control of the supervisor, it is much easier to coordinate the decisions of the expert systems with the control actions of the supervisor. Since many important uses of expert systems will affect control actions, this is an important factor.

Another advantage of a modular structure, where expert systems are included as independent procedures called by the supervisor, is that the overall process control system is more reliable. A badly or incompletely functioning expert system within an overall supervisor system will affect only the functions it specifically interacts with. However, the failure of a top level expert system, which controls timing and execution of control functions, could disable all supervisor functions. The modular structure also has significant advantages in maintenance and debugging.

Thus, the organization preferably used for process control has substantial advantages. The top level procedure is a cycling procedure which functions as a process control supervisor. The supervisor process can call on one or more expert system procedures, and the user can call on a build-expert procedure which can reconfigure one of the expert systems already present, or create a new expert system. The supervisor procedure can preferably also call on a historical data base.

The modular organization described is especially advantageous, as discussed above, in providing parallelism and branching in control strategies. This is especially advantageous in process control situations, since the appropriate strategies for different circumstances can be fully pre-defined by the user, and he can rapidly switch between pre-defined strategies as the need arises.

Historical Process Database

The use of a historical database of process data in combination with a process supervisor procedure and/or expert system procedure is particularly advantageous. In the presently preferred embodiment, a historical database is used which can provide a time-stamp with each piece of output data, to clearly indicate provenance, and can retrieve the stored data (for a given parameter) which bears the time-stamp closest to a given time. The historical database can preferably maintain a record of continuously measured process data (such as temperature, pressure, flow rate), as well as discretely sampled, time-delayed measurements, such as laboratory measurements. The database greatly facilitates the use of laboratory (or other sampled type) measurements. Because of the time delay in making laboratory measurements, the value of the measurement when it becomes available in the database will correspond to the continuously measured data for the instant at which the measurement sample was actually taken, which might be several hours in the past. The historical database allows time delayed measurements and their corresponding continuous measurements to be used together. This is advantageous for balancing component material flows in the process. In the presently preferred embodiment, the historical process database may be thought of as providing a way to "buffer" time-stamped data and provide a standardized data interface, but it also permits other functions to be served.

The historical database also advantageously provides a basis for statistical tests. Some statistical tests will require a number of past measurements, which can be retrieved from the database. The database also advantageously allows the calculation of time average values of measurements. This can be useful in dampening noisy signals for use in a control action. In general, the database advantageously serves to buffer data input from a number of sources, standardizing access from the supervisor and expert procedures.

One of the innovative teachings in the present application is an integrated system for process control in which a process supervisor procedure (which is preferably the top-level procedure) is configured as a modular software structure, with modules which can be revised by a user at any time, without significantly interrupting the operation of the process supervisor. The supervisor can define control parameters for many process control procedures, and can retrieve data from many sources (preferably including a historical database of process data, which can provide time-stamped data). The supervisor can also call on various expert subprocedures. Preferably the expert subprocedures can also be modified by an authorized user at any time, by calling up and editing a set of natural-language rule templates which correspond to the rules being executed by the expert subprocedure.

One of the innovative teachings in the present application is an integrated system for process control in which the user can customize the process supervisor procedure with reference to a standardized data interface. The data values to be used by the supervisor are specified in the standard interface by two identifiers. The first identifies which (software) system and type of value is desired. The value of a setpoint in a particular distributed control system, the value of a sensor measurement in a particular process monitoring system, the value of a constraint from a process control or supervisor system, and time averages of sensor measurements from a particular historical database are examples of this. The second identifier specifies which one of that type of value is desired, for example the loop number in the distributed control system.

Data values specified through the standard interface may be used as measured values, manipulated values, or as switch status values indicating an on/off status. Preferably the interface allows the user to specify data in any of the relevant process control and data collection systems used for the process, or for related processes. Preferably, the interface also allows specification of data (both current and historical) in a historical process database. Since multiple control systems (or even multiple historical databases) may be relevant to the process, the standard interface greatly facilitates the use of relevant data from a wide variety of sources.

BRIEF DESCRIPTION OF THE DRAWING

The present invention will be described with reference to the accompanying drawings, wherein:

FIG. 1 schematically shows the structure of hardware and procedures preferably used to embody the novel process control system with expert system capabilities provided by various of the innovative features contained in the present application.

FIG. 2 is a schematic representation of the flow of information in the expert system structure preferably used.

FIG. 3 shows the template used for a retrieval rule in the presently referred embodiment, together with a sample of a retrieval rule which has been entered into the template.

FIG. 4 shows an example of a different kind of retrieval rule, known as a calculation rule.

FIG. 5 shows an example of an analysis rule 220.

FIG. 6 shows the presently preferred embodiment of the template for action rules, and an example of one action rule which has been stated in this format.

FIG. 7 shows an example of a chemical synthesis processing layout in which the method taught by the present invention has been successfully demonstrated. FIG. 8 schematically shows the structure preferably used for the supervisor procedure 130 and the build supervisor procedure 810.

FIG. 9 shows a menu which, in the presently preferred embodiment, is presented to the user by the build-supervisor procedure 810 to select a template to provide user inputs to define or modify a block within the supervisor procedure.

FIGS. 10-13 show specific templates which, in the presently preferred embodiment, are presented to the user by the build-supervisor procedure to provide input to define or modify a feedback, feedforward, statistical filtering, or program block, respectively.

FIG. 14 shows a block-editing utility menu presented to the user, in the presently preferred embodiment, by the build-supervisor procedure.

FIG. 15 shows a flow chart for the base cycle procedure used in the supervisor procedure in the presently preferred embodiment.

FIG. 16 shows a menu which, in the presently preferred embodiment, is the top-level menu presented to the user by the build-supervisor procedure, and

FIG. 17 shows a menu which is the top-level menu within the build-expert procedure.

FIG. 18 is another schematic representation of the interrelations among the various procedures which permit user customization of functionality.

DESCRIPTION OF THE PREFERRED EMBODIMENTS General Organization of Hardware and Procedures

FIG. 1 schematically shows the structure of hardware and procedures preferably used to embody the novel process control system (with expert system capabilities) provided by various of the innovative features contained in the present application. An underlying process (for example a chemical process) is very schematically represented as a single pipe 160, on which sensors 156 and one actuator 158 are explicitly shown. Of course, real world examples are substantially more complex; FIG. 7 shows the chemical process flow of a sample system in which the presently preferred embodiment has been successfully demonstrated. The various actuators 158 are controlled, in accordance with feedback signals received from various sensors 156, by one or more controllers 154.

In the presently preferred embodiment, the controller 154 is configured as a pneumatic proportional, integral, derivative (PID) controller. However, a wide variety of other controller technologies and configurations could be used. Pneumatic controllers are used in this example because they are common in the chemical process industry, and match well with the feedback requirements of chemical process control. Alternatively, an all-electronic distributed control system could be used instead. Moreover, the controller functionality could be different, e.g. a proportional/integral controller or a proportional controller could be used instead. In the presently preferred embodiment, the PID controller 154 is directly controlled by a computer control system 152. (This system 152 is referred to, in the various examples of user menus shown, as "PCS" (process control system.) The computer controller system 152 and the PID controller 154 may be regarded together as a single first level controller 150, and could easily be configured in that fashion (as with a distributed digital control system) to implement the present invention.

The control system 150 receives at least some of its parameters 132 (e.g. setpoints or feedforward ratios) from a supervisor procedure 130, which is preferably a higher level of control software. (In many of the sample user menus and forms shown, the supervisor procedure 130 is referred to briefly as "ACS.") The supervisor not only receives inputs 157 indirectly (or directly) from various sensors 156, it also receives lab measurement data 162, and also can issue calls to and receive inputs from the expert system 120, as will be described below.

In the presently preferred embodiment, the supervisor and build-supervisor procedures run on a minicomputer (e.g. a VAX 11/785), while the computer control system 152 is a PDP-11.

The supervisor 130 is preferably also connected to a historical process data base 140, which directly or indirectly receives the inputs from the sensors 157 and the off-line lab measurements 162. Thus, when the supervisor needs to access a value 157 or 162, it is not necessary for it to call on a physical device or read a real-time signal. It can simply call a stored value (together with a time stamp) from the database 140. However, many of the advantages of the present invention could also be obtained without using the historical process data base 140.

In addition, the supervisor 130 preferably also embodies a statistical control system. Statistical control systems, as are well known in the art of chemical processes, are advantageous when the process characteristics and measurement characteristics are subject to significant random variation, as they normally are in the chemical process industry. Statistical filtering tests are preferably performed to filter out statistically normal variation, and ascertain whether a process has significantly deviated from its current goal or average. (Alternatively, the statistical filtering functions could be performed elsewhere in software, e.g. in the database software.)

The supervisor procedure 130 is preferably run as a cycling process, and can call multiple expert systems 120 when indicated. (In many of the sample user menus and forms shown, the expert and build-expert procedures are referred to briefly as "PACE.")

A sample realistic process context (in which numerous innovative features have been successfully demonstrated) will first be described. The operation of the historical process database will next be described, since that provides a standardized data interface to which many of the other functions connect. Next, the functioning of the build-supervisor procedure will be described in detail, since that provides many details of how the supervisor is configured in the presently preferred embodiment, and after that the organization of the supervisor procedure itself will be discussed in greater detail. In later sections, the structure of the expert systems preferably used will be described in detail, and the operation of the build-expert procedure which constructs the expert systems will also be described in detail.

Sample Process Context

FIG. 7 schematically shows a sample embodiment of a chemical process incorporating several novel features described in the present application. The system shown is one in which various novel aspects set forth in the present application have been advantageously demonstrated.

It should be understood that the present invention provides a tool of very broad applicability, which can be used in many processes very different from that of FIG. 7. Thus, for example, various of the claims herein may refer to sensors which sense "conditions" in a process, or to actuators which change "conditions" in a process, without reference to whether one sensor or many sensors is used, whether one or several parameters is sensed by respective ones of the sensors, whether the actuators are valves, motors, or other kinds of devices, etc.

FIG. 7 shows part of the distillation train of a process in which paraxylene is air oxidized to make terephthallic acid, which is then esterified with methanol and refined to dimethyl terephthallate (DMT). DMT is sold as a bulk product, and commonly used as a polyester precursor. The esterification process will produce a significant fraction of the impurity methyl formyl benzoate (MFB). One of the key objectives in a DMT synthesis process is controlling the compositional fraction of MFB, since it affects the properties of products made from DMT. The refining train shown in FIG. 7 will reduce the average MFB fraction to a fairly constant level which is (in this example) about 22 ppm (by weight).

The crude feed 702 will typically have a composition which is (by weight) about 74% DMT, about 20% orthoxylene (and related components which tend to recycle with the orthoxylene), about 5% methyl hydrogen terephthallate (MHT), and about 0.2% of methyl formyl benzoate (MFB). The MFB-depleted product 740 is preferably further refined to reduce the MHT fraction.

The crude feed 702 is fed into approximately the middle of a first distillation column 710. The column 710 is heated at its base by a steam reboiler 712. The steam flow is controlled by a flow controller 714 (which is connected to an actuator 716 and a sensor 718.) Similarly, the feed flow controller 704 is connected to an actuator 706, and a sensor 708. The column 710, as operated in the presently preferred embodiment, has internal pressures and temperatures which range from about 230 Torr at about 230° C. at its bottom to about 55 Torr at about 70° C. at its top. The vapor stream 720 is passed through a condenser 722, and some of the resulting condensate is fed back into the column as reflux 724. The product stream 726 has a mass flow rate of about 20% of the crude feed 702, and is recycled. A bottom product 728 is fed to the top of a second distillation column 730. The second distillation column has a steam reboiler 732 near its bottom (controlled by a steam flow controller 734, actuator 736, and sensor 738). The pressures and temperatures in the second column 730 (which in the user screens of the presently preferred embodiment is frequently referred to as the "MFB column") range from about 240° C. at about 235 Torr at the bottom of the column to about 70 Torr and about 190° C. at the top of the column. The bottom product 740 of the column 730 (which has a mass flow of about 0.8 of the crude feed 702) is the MFB-purified product. (In this product the fraction of MFB will on average have been reduced to about 22 ppm, for the conditions given.) The top product 742 of the column 730 is passed through a condenser 744 and reintroduced into column 710 as a bottom feed. (Column 710 is referred to, in the specific example given below, as the "xylene column".) The mass flow in the loop 728/742 is quite large; typically the mass flow of flow 728 will be about three times the mass flow of the crude feed 702.

In addition, a third distillation column, in the presently preferred embodiment, is operated in parallel with a middle section of column 710. This third column 750 is fed a side draw stream 752 from the first column 710. The vapor stream 754 of column 750 is passed through a condenser, and part of the condensate is reintroduced to column 750 as a reflux 758. Most of the remaining condensate is reintroduced to first column 710 as an upper middle feed. Similarly, the liquid stream 762 of third column 750 is partly reintroduced as a bottom feed after being vaporized in the reboiler 764, but is also partly fed back into column 710 as a lower middle feed 766. The additional separation provided by the third column 750 enhances the net compositional segregation of MFB. The middle product 768 of the third column 750 is a low-flow-rate product flow (typically 0.003 times the mass flow of the crude feed 702), and this product flow removes most of the undesired MFB impurity from the system. The temperatures and pressures in the third column 750 range from (in this example) about 230° C. at about 260 Torr at the bottom of the column to about 60 Torr at about 125° C. at the top of the column. Stream 761 is a small purge stream removing intermediate materials.

In the sample embodiment, the three primary control points for control of MFB composition are the steam feed to the MFB column reboiler 730, which is controlled by flow controller 734; the steam feed to the xylene column reboiler 710, which is controlled by flow controller 714; and the feed of crude feed stock to the xylene column 710, which is controlled by flow controller 704. Numerous other controllers, pumps, and other process equipment maintain the temperatures, pressures, and flow rates at other points in the process. In accordance with principles well known in the art of chemical engineering, this serves to maintain mass and energy balances and compositional trends consistent with the ultimate control objective, which is to maintain a high and constant purity in the product stream 740.

Historical Process Database

In the presently preferred embodiment (as shown in FIG. 1), the supervisor 130 receives data primarily through a historical process data base 140, which directly or indirectly receives the inputs from sensors 157 and off-line laboratory measurements 162. Thus, when the supervisor needs to access a value 157 or 162, it is not necessary for it to call on a physical device or read a real-time signal, since it can simply call a stored value (together with a time stamp) from the database 140.

In the preferred embodiment, every data value provided by the historical database has a timestamp attached. Data are received in at least two ways: first, some parameters are received as nearly continuous data flows (more precisely, as high-sampling-rate time series). For example, the data 157 from sensors 156 (e.g. temperature sensors) will be received as a series of digital values from analog-to-digital converters 155. In the presently preferred embodiment, compression algorithms are used to reduce the storage requirements of this data, and permit a usefully long period of time to be represented without requiring impractical amounts of storage space. However, this operation (which includes both compression and decompression algorithms) is essentially invisible to the supervisor procedure 130.

Secondly, lab analysis data 162 can also be stored in the historical database 140. For example, compositional measurements must normally be done offline. A physical sample will be pulled from the physical process flow and sent to the laboratory for analysis. The resulting lab analysis value is entered into the historical database, timestamped with the time the sample was taken.

A third source of data is simulations: running processes can be simulated, using any of a variety of currently available simulation methods, and predicted conditions can be stored in the historical database (together with the proper timestamp). Thus, for example, control strategies can access data generated by complex real-time simulations.

Thus, many of the advantages of the database 140 derive from the fact that it can provide a timestamp to accompany every piece of data it provides. In addition, in the presently preferred embodiment, the database also stores the name and units for each parameter. As presently practiced, the database is also able to perform a variety of other functions, including monitoring, activating alarms if certain sensed measurements reach certain critical levels, output processing (i.e. loading data out to physical devices), generating plots of selected parameters over time, as well as other common database functions (e.g. generating reports).

This structure is quite flexible: for example, in alternative embodiments, one supervisor procedure could interface to multiple databases 140, and/or one database 140 could receive calls from more than one supervisor procedure 130 (which optionally could be running on different systems).

Supervisor and Build-Supervisor Procedures

The present application describes some very advantageous features of novelty in the supervisor procedure 130 and build-supervisor procedure 810, which could optionally and less preferably be incorporated in embodiments which did not include at least some of the innovative features described in the context of the expert and build-expert systems 110 and 120.

The supervisor procedure 130 preferably used contains a modular software structure which greatly facilitates initial setup and also modification. Preferably the supervisor procedure 130 is a cycling procedure constructed as a set of blocks. That is, each block defines a core procedure which (as seen by the user, both initially and whenever called up for modification) is substantially self-contained, and which (in the presently preferred embodiment) is of one of four types. Preferably each block is either a feedforward block, a feedback block, a statistical filter block, or a program block. (That is, preferably each block is configured by user inputs to a template for one of these block types.) Preferably each kind of block also has the capability to call a user subroutine, and in fact the "program blocks" used in the presently preferred embodiment perform no other function.

The functional templates and data interface definitions for the most commonly used functions are pre-defined, but the user can also add code of his own if he wishes to do so. Providing standardized templates for the most commonly used functions expedites initial functional definition, and also facilitates maintenance, but sophisticated users are not prevented from writing their own customized functions (such as messaging).

Feedback blocks are used when a manipulated parameter must be adjusted to keep a measured parameter near a desired goal. Feedforward blocks are used when two parameters (which are not necessarily in a causal relation) are linked, i.e. when a manipulated parameter must be adjusted to keep it in some ratio (or other relation) to a measured parameter. Statistical filtering blocks are used, in the presently preferred embodiment, to provide the advantages of statistical process control, and to facilitate minimizing the number of control parameter adjustment actions.

Preferably a maximum number of blocks is predefined. (In the presently preferred embodiment, 200 blocks is the preset maximum, and this number is large enough to serve the control needs of several different systems simultaneously.) The imposition of a maximum helps to maintain the software, by limiting the number of functions which can be crowded into any one software structure, and by motivating users to delete obsolete block definitions.

Thus, a software structure like that described can be used to control several systems and/or used by several users. The provision of "ownership" identification for each block, which may optionally be combined with access privilege restrictions, advantageously helps to preserve maintainability in multi-user environments.

FIG. 8 shows the preferred organization of the supervisor procedure 130. The top level loop (shown as a base cycle controller procedure 802), which calls the various blocks 851, 852, 853, . . . , sequentially, is preferably a cycling procedure. For example, the dormant time waiting block 891 might be set, in the dimethyl terephthalate synthesis application described, so that the base cycle procedure 802 is executed every 15 minutes (and therefore the entire sequence of blocks 851 etc. is called for possible execution every 15 minutes). The base cycle procedure also preferably performs some overhead functions. For example, the base cycle procedure 802 optionally contains the appropriate commands for branching on interrupts 804, and for initialization after a start command 806. Secondly, the base cycle procedure 802, upon calling each block, will preferably look at the header of the block (which is stored as data in shared memory, as discussed below), and usually also at some external information, such as the system clock value or the time stamp of a variable, to see if that block is due to execute. In the presently preferred embodiment, each block will also have status flags which indicate whether it may be executed, and will also have timing options which can be used by the user to specify, for example, that a particular block is to be executed only every 175 minutes.

The base cycle procedure 802 is not the only procedure which is relatively "high-level" with respect to the blocks 851, 852, etc. The build-supervisor procedure 810 is able to present the user with templates 812, and to (effectively) change the operation of the blocks 851, 852, etc., by changing shared memory values in accordance with the user's inputs to the templates 812.

That is, the real time control actions of the supervisor procedure blocks are supervised by the base cycle procedure 802. The base cycle procedure is responsible for determining when blocks are on/off, when blocks should be initialized, and when blocks should be executed. It also controls the timing of the base scan through all blocks.

In the presently preferred embodiment, each time the base cycle procedure executes a block, it checks the block type label (in shared memory) and calls the appropriate subroutine. That is, a single block of executable code is used for all of the feedback blocks, and similarly another block of code is used for all the feedforward blocks, etc., so that all 200 blocks require only four subroutines for their standard functions. Each time the base cycle routine executes a feedback block, it calls up the user-defined parameter set for that particular block, and passes those parameters to the subroutine which performs feedback functions in accordance with those parameters.

Base Cycle Procedure

FIG. 15 shows a flow chart of the logic preferably used in the base cycle procedure 802. The sequence of actions used in the main control program, when it is first started (e.g. by submitting it to a job queue) is:

Check to see if more than 30 minutes has passed since the last control cycle in the supervisor procedure. If so, initialize all blocks whose status is "On", "Active", or "Just turned on". (Initialization sequence is given below).

Start the control cycle loop: (This loop is shown as 1510 in the flow chart of FIG. 15.)

Set the system status to "Running-Computing".

Compute the next cycle time by adding the base scan interval to the current time.

Start a loop through all blocks, starting with block number 1 and counting up to the maximum number of blocks (This loop is shown as 1520 in the flow chart of FIG. 15):

Check block status:

Get the switch status of the block. If the block is switching with an external switch parameter, get its status. (The switch status will be "On" if the external switch is on, or "Off" if the external switch is off.) If the loop is switched manually, the switch status is the same as the block's current status.

If the switch status is "On", "Active", "Toggled On", or "Just turned on", the block is on.

If the block is on, and the current block status is not "On" or "Just turned on", then the block is just being turned on. Set the Block Status to "Just turned on".

If the block is on, and the current block status is "On" or "Just turned on", then the block is continuing to be on. Set the Block Status to "On".

If the block is not on, it is off. Set the block status to "Off".

If the block status is "Off", "Inactive", or "Failed", loop back up and start the next block.

If the block status is "Just turned on", INITIALIZE the block (These steps are shown as 1524 in the flow chart of FIG. 15):

If the block has a measured variable, set the "Last measured time" equal to the current time of the measured variable.

If the block has a Key block, set the "Key block time" equal to the "Last execution time" of the key block.

Set the "Last execution time" of the block to the current time.

If the block is a feedforward block, set the "Old measured value" equal to the current value of the measured variable.

If the block has a measured variable, get its current time.

If the block has a key block, get its last execution time.

If the block timing option includes fixed interval, and if the elapsed time since the "last execution time" of the block is greater than or equal to the execution time interval, set the execute flag for the block.

If the block timing option includes keying off the measured variable, and if the current time of the measured variable is more recent than the "last measured time" of the block, set the "last measured time" for the block equal to the current time of the measured variable, and set the execute flag for the block.

If the block timing option includes keying off another block, and if the last execution time of the key block is more recent than the "key block time", set the "key block time" equal to the last execution time of the key block, and set the execute flag for the block.

If the execute flag for the block is set, set the last execution time for the block equal to the current time, and execute the block. Only execute the block once, even if more than one timing option was satisfied. (The block execution procedures are discussed in greater detail below, and are shown generally as 1530 in the flow chart of FIG. 15.)

If more blocks need to be processed, loop back to the next block.

This is the end of the loop 1520 through all the blocks.

Set the system status to "Running-Sleeping".

Set a wake up timer for the next cycle time computed above, and go to sleep until the timer expires, or until awakened by a request to terminate the program.

Wake up Check to see if interrupted to terminate. If so, set the system status to "Terminated normally", and stop completely.

If not terminated, branch back to the start of the control cycle loop 1510.

Sample Source Code

The source code for the procedure which actually performs this function, in the presently preferred embodiment, is as follows. Due to the formatting requirements of patent applications, some portions of this and other portions of source code provided herein contain statements which are wrapped across more than one line (and hence would need to be restored to single-line format, or appropriate leaders inserted, before being loaded for execution); but those skilled in the art will readily recognize these instances, and can readily correct them to produce formally perfect code. ##SPC1##

Build-Supervisor Procedure

The build-supervisor procedure 810 presents templates 812 to the user and stores the user responses to these templates in a "global section" portion of memory (i.e. a shared or commonly accessible portion of memory). That is, the user inputs to the templates for the various blocks 851, 852, etc., are stored where the base cycle procedure 802 can access them and the build-supervisor procedure 810 can also access them. Thus, an authorized user can at any time interactively call up data from shared memory space 814, see these parameters in the context of the templates 812, and modify the functions of the various blocks 852, 853, etc. and/or define new blocks (and/or delete existing blocks), while the base cycle procedure 802 continues to call the various blocks on the appropriate schedule. That is, the base cycle procedure 802 is preferably a cycling procedure which satisfies the real-time process control demands of the underlying process, while the build-supervisor procedure 810 retains the capability for reconfiguring the operation of the various blocks in the supervisor, according to user input.

It should be noted that the structural features and advantages of the build-supervisor procedure are not entirely separate from those of the supervisor procedure. The two procedures are preferably operated separately, but they provide an advantageous combination. The features of the supervisor procedure are partly designed to advantageously facilitate use of the build-supervisor procedure, and the features of the build-supervisor procedure are partly designed to advantageously facilitate use of the supervisor procedure.

In the presently preferred embodiment, the nexus between the build-supervisor procedure and the supervisor procedure is somewhat different from the nexus between the build-expert procedure and the operating expert procedures. The user entries made into the more constrained parts of the templates can be transferred fairly directly to the operating supervisor procedure: the build-supervisor procedure stores values (corresponding to the data input by the user in the accessible fields of the templates) in a shared section of memory, which is immediately accessible by the supervisor procedure as soon as the stored status value for the block is changed to "Active". By contrast, if the customized user routines (including the expert routines generated by the build-expert software) are modified, they must be compiled and linked with the supervisor procedure.

The build-supervisor procedure 810 preferably also has the capability to stop or restart the base cycle procedure 802, independently of whether the build-supervisor procedure 810 has updated the shared memory 814 in accordance with user inputs to templates 812.

Top-Level Menu

The user who begins an interaction with the build-supervisor procedure is first presented with a menu which (in the presently preferred embodiment) resembles that shown as FIG. 16. This menu provides options which permit the user to setup (or modify) blocks, to monitor blocks, to call block-management utilities, to exit, or to go into a structured environment for writing user programs.

If the user chooses block setup, he next sees a menu like that shown in FIG. 9. This menu is presented to the user by the build-supervisor procedure 810 to select a specific existing template 812' (i.e. a template with the previously defined data values of a particular block are shown in the appropriate fields of the template) or a blank template 812 of a given type to provide user inputs to define or modify a block 851, 852, etc.

This form allows the user to choose which block to enter setup parameters for, and, if the block is a new one, allows a choice of which type block it will be. To go back to the previous form (in this case the top-level menu), he can press the "-" key on the keypad.

To set up a new block, the user can either enter a block number which he knows is not in use, or the build-supervisor procedure will provide him with the lowest number block which is not in use. To enter a block number, the user can simply type the number in the block number field and press the return key. To get the build-supervisor procedure to find the lowest number unused block, the user can press keypad 8. The cursor will move to the block type field and the build-supervisor procedure will request that the user enter the number from the list for the type of block desired. The build-supervisor procedure will then present the user with a block setup form for that block type. If the user mistakenly enters a block number which is already in use, the build-supervisor procedure will go directly to the setup form for that block, but the user can simply press keypad minus on the setup form to go back to the block setup selection form and try again. To enter or modify setup parameters for an existing block, the user can simply enter the block number and press the return key, and the build-supervisor procedure will present the block setup form for that block.

In the best mode as presently practiced, all four block setup forms have some common features. Keypad 9 will move the cursor from anywhere on the form up to the block number field. Keypad 8 will find the lowest number available block and set it up as the same block type as the form showing on the screen. Keypad 7 tests all the parameters on the block and changes the block status to switch it on or off, or requests new data if the user has not yet supplied it. (In addition, many of the parameters are checked for gross error as the user enters them.)

The various block setup forms shown as FIGS. 10 through 13 will be individually described below; but first, some features common to some or all of the block setup forms, and some features characteristic of the operation of the blocks thus defined, will be described.

When a block is turned on, the block status will not go directly to "On." (The full system of block status options (in this embodiment) is described below.) Depending on how the block is set up to be switched on and off, the status will change to "Toggled on" or "Active". The base cycle procedure will update the status as the block is executed, changing to "Just turned on" and then to "On". When turning a block off, the status will change to "Off" or "Inactive", again depending on how the block is set up to switch. These status sequencing rules facilitate use of initialization and/or shutdown steps in controlling block functionality.

Any time a parameter is entered or changed on a setup form, the block status will be set to "Inactive." This means that the block parameters have not been checked to assure that everything needed has been entered and is consistent. If a parameter is changed on a block which is currently on, the block must be toggled from "Inactive" to "Active" or "Toggled On" using Keypad 7.

Data Source Specification

The templates presented to the user for block customization include a standardized data interface. The data values to be used by the supervisor are specified in the standard interface by two identifiers. The first identifies which (software) system and type of value is desired. The value of a setpoint in a particular distributed control system, the value of a sensor measurement in a particular process monitoring system, the value of a constraint from a process control or supervisor system, and time averages of sensor measurements from a particular historical database are examples of this. The second identifier specifies which one of that type of value is desired, for example the loop number in the distributed control system.

For example, in FIG. 10 the user has entered "4" in the highlighted area 1002 after the phrase "Measured Variable Type:". This particular identifier (i.e. the value entered in this field by the user) indicates that the variable type here is a current value of a variable from the historical database, and the build-supervisor procedure adds an abbreviated indication of this ("Current Val Hist Dbase Var #") onto the user's screen as soon as the user has entered this value in the field 1002. (If the user entered a different code in the field, a different short legend might be shown. For example, as seen in FIG. 10, the user has indicated a variable type of "2" after the phrase "Manipulated Var Type", indicating that the manipulated variable is to be a loop goal of the DMT control system.) As the second identifier, the user has indicated a value of "2990" in field 1004, to indicate (in this example) which particular Database variable's current value is to be used. For this identifier too, the build-supervisor procedure adds an abbreviated indication of its interpretation of this identifier ("DMT PRD MFB SHWRT DEVIAT") onto the user's screen as soon as the user has entered this value in the field 1004.

Data values specified through the standard interface may be used as measured values, manipulated values, or as switch status values indicating an on/off status. Preferably the interface allows the user to specify data in any of the relevant process control and data collection systems used for the process, or for related processes Preferably, the interface also allows specification of data (both current and historical) in a historical process database. Since multiple control systems (or even multiple historical databases) may be relevant to the process, the standard interface greatly facilitates the use of relevant data from a wide variety of sources.

Block Timing Information

In the presently preferred embodiment, all blocks except the Shewhart block provide the same block timing options. Block timing determines when a block will perform its control actions. The build-supervisor procedure provides three fundamental block timing options, which can be used in any combination, providing a total of 7 block timing options. The three fundamental options are:

Fixed Time Interval: the block will execute at a fixed time interval. The user specifies the time interval, e.g. in minutes. (Note that a combination of this option and the following has been specified in the example of FIG. 13, by the user's entry of "5" into field 1306.)

Key Off Measured Variable: the block will execute every time a new value is entered into the process database for the measured variable. The measured variable must be a "sampled" type variable. (Note that this option has been specified in the example of FIG. 10, by the user's entry of "2" into field 1006.)

Key Off Another ACS Block: the block will execute every time a (specified) lower numbered block executes. The user specifies which block will be the key block. Any combination of one, two or three timing options can be used. Blocks using a combination timing option execute whenever any of the specified timing options are satisfied. (Note that this option has been specified in the example of FIG. 11, by the user's entry of "3" into field 1006.)

Block timing options are represented on the setup forms by a number code. The user enters the number code corresponding to the desired timing option. If the timing option includes fixed interval timing, an execution time interval must also be specified. If the block is to key off another block, the key block number must be specified.

In future alternative embodiments, the block timing options set forth here may be especially advantageous in multi-processor embodiments: the separation of the control action specifications in multiple blocks shows the inherent parallelism of the problem, while the keying options in which one block keys off another show the block sequencing constraints which delimit the parallelism. The standardized data interface used in the presently preferred embodiment may also be advantageous in this context, by allowing block execution to be keyed off events external to the supervisor.

Primary Block Switching

The supervisor procedure provides several ways to switch block actions on and off. If the block needs to be turned on and off by an operator, the build-supervisor procedure allows the user to specify an external switch system and a switchable entity within that system which the block on/off status is to follow. For example, the user may specify a specific control system and a loop number within that system. The block will turn on when that loop is on, and off when that loop is off. The standardized data interface allows any accessible control system to act as the switch system. As a further alternative, the blocks can be set to switch on and off only under the control of the developer (i.e. under the control of the build-supervisor user). In this case, the block can only be switched using the toggle on/off function on the block setup form.

The external switch system is represented on the block setup forms by a number. The user enters the number corresponding to the external switch system he wants to use. The entity within the switch system (e.g. the loop number) is entered in the next field. (In the example of FIG. 10, the user entries in fields 1008 and 1010 have specified an external switching variable.) If the block is to be turned on and off only from the build-supervisor procedure setup form, a zero is entered for the switch system number, and the word "Manual" will show in the field for the switch entity number. (This option has been selected in the example of FIG. 13.)

Secondary Block Switching

The supervisor also provides secondary means of controlling block execution. Blocks which have been turned "on" by their primary switch controls may be "selected", "de-selected", or "held" by programmatic requests. The status of selected blocks changes to "On-selected". Selected blocks continue to function as if they were "On". The status of blocks which are deselected by programmatic request changes to "On-deselected". De-selected blocks take no control action. However, they differ from blocks which are "off" because they continue to maintain all their internal information so that they are always ready to execute if "selected". The status of blocks which are held by programmatic request changes to "on- holding". The programmatic request includes the length of time the block is stay on hold. Blocks which are holding act as if they were off. When the holding time expires, the status of holding blocks changes to "Just turned on," and they initialize.

One advantage of these block switching options is that they provide a way to embed alternative control strategies in the supervisor procedure. That is, control strategies can be readily changed merely by selecting some blocks in the supervisor procedure and/or deselecting other blocks. This is advantageous in terms of software documentation, since it means that alternative control strategies can be documented and maintained within the same software structure. It is also advantageous in interfacing to other procedures: for example, the expert systems called by the presently preferred embodiment will frequently take action by selecting and/or deselecting blocks of the supervisor procedure.

These block control options facilitate the use of one supervisor procedure to interface to multiple controllers, and the use of one supervisor procedure by different users to control different processes. The block status system permits one or more blocks to be updated without interfering with the running supervisor process; in fact, in optional environments, multiple users could be permitted to update different blocks at the same time.

Block Description Fields

All blocks allow the user to enter three descriptive fields. These fields are for user reference and can be searched when printing lists of block parameters. They have no effect on block actions. The "control application name" field allows the user to group blocks that are part of the same control application by giving them all the same application name. (In the example of FIG. 10, the user entry in field 1014 has specified "MFB Control". Note that the examples of FIGS. 11, 12, and 13 show corresponding entries in this field.) The block description field allows the user to describe the block's specific action or purpose. (In the example of FIG. 13, the user entry in field 1316 has explained that this is a "Block to run expert deciding where to take MFB feedback action".) The ownership field specifies which user has control of the block. (In the example of FIG. 10, the user entry in field 1012 has specified "Skeirik". Note that the examples of FIGS. 11, 12, and 13 show corresponding entries in this field.) This field facilitates use of the organization described in environments where multiple users are defining blocks which run within the same supervisor procedure.

Of course, in multi-user environments it may be desirable to allow some users a greater degree of access than others. Thus, for example, some users may be authorized to edit a block, while others may be authorized to toggle the block on or off but not to edit it, and others may be authorized to monitor block operation but not authorized to change it. Similarly, access to expert systems may be constrained by giving greater authorization to some users than to others; some users may be permitted to make calls to the expert system but not to edit the rulebase, and other users may not be permitted to do either. In the presently preferred embodiment, all of these choices can readily be implemented by using the file ownership and access control list options available in the VMS operating systems, but of course this functionality could be implemented in many other ways instead.

Action Logging

The supervisor procedure provides a means of reporting control actions and/or logging them in a file for recall. Control action messages are written by a user routine. Control blocks call user routines after their control actions are complete, and pass data regarding their actions. The action log file field allows the user to enter the name of the file to which logging messages will be written. The same log file can be used for more than one block (e.g. if the two blocks' actions are part of the same control application). (For example, note that field 1018 in the example of FIG. 10 and field 1118 in the example of FIG. 11 both specify "MFBCONTROL" as the action logging file.) The log file name is limited to letter and number characters, and no spaces are allowed (except after the end of the name).

Block Status

Note that, in the example of FIG. 10, a block status of "On-selected" is displayed in area 1020. This is not a field into which the user can directly enter data, but it will change in response to user actions (e.g. the user can toggle the block on or off by hitting keypad 7). The block status codes used in the presently preferred embodiment reflect several aspects of block setup and execution, including:

Proper configuration of block parameters;

On/off status of block;

Failure of block actions; and

Failure of user routines.

Some common block status values are:

"Inactive:" this indicates that the block has not been properly configured and toggled on, or that a parameter was changed. This is also the normal "off" status of a block which has been configured to switch on and off With a switch system variable, if the user toggles it off from the setup form.

"On:" this is the normal status for blocks which are performing their control actions.

"Off:" this is the normal status, for a block which has been configured to switch on and off with a switch system variable, when that variable is in its off state. This is also the normal status for blocks which are configured to switch on and off through the setup form only and have been toggled off from the setup form.

"Active:" this is the status to which a block is toggled on if it is configured to switch on and off with a switch system variable. This status will change on the next cycle of the control program, to "On" or to another value, depending on the state of the switch system variable.

"Toggled on:" this is the status to which a block is toggled on if it is configured to switch on and off through the setup form only. This status will change on the next cycle of the control program.

"Just turned on:" this is a normal transition state for blocks going from an "off" status (e.g.: off, inactive) to "On" status. Blocks whose status is "Just turned on" will be initialized by the base cycle procedure, which resets the last execution time and the measured variable and key block times used for block timing. Feedforward blocks initialize the "old" measured variable value to the current value.

"On-selected": indicates that a block which is on has been selected by a programmatic request. The block continues to function as if it were On.

"On-deselected": indicates that a block which is on has been de-selected by a programmatic request. The block takes no control actions, but continues to maintain its internal parameters as if it were On. This keeps the block ready to act if selected.

"On-holding": indicates that a block has been put on hold for a specified length of time by a programmatic request. The block takes no control action. A block that has been holding will re-initialize and go back to "On" status when the holding period expires.

"On-Failed usr routin:" this status indicates that a user routine called by this block had a fatal error which was bypassed by the supervisor procedure on the most recent execution of the block. Fatal errors in user routines are reported in the control program log file (not the same as action log files), and can be reviewed using the "List log file" option on the System Functions screen, described in the section on block monitoring.

"On-Recovrd usr Error:" this indicates that a fatal error was bypassed in the user routine, but that the user routine ran successfully on a later execution. Again, the log file will give more details about what happened.

"On-Err . . . :" many abnormal status values can indicate that problems were encountered in block execution, e.g. problems in the input or output of data to control systems. The latter part of the status field gives some indication of the problem. Most such errors are also recorded in the control program log file.

Various other block status values can readily be inserted, along the lines demonstrated by these examples.

Feedback Blocks

FIG. 10 shows a sample of a template 812 presented to the user to define a feedback block. In the specific example shown, the block being worked on is block number three of the 200 available blocks 851, 852, etc., and the various data values shown in this Figure reflect the entries which have been made at some time to define this particular block.

The feedback block provides proportional feedback action. In feedback action, the user specifies a measured value (called the "measured variable") and a goal value (setpoint) at which he wants to maintain it. Feedback action calculates the "error" in the measured variable (measured variable value - goal), and computes its action by multiplying the error times the "proportional gain". The current value of the "manipulated variable" is changed by the amount of the calculated action.

The basic feedback action can be altered by several additional parameters. A deadband around the goal can be specified. If the measured value falls within plus or minus the deadband of goal, no action is taken. The amount of action taken can be limited to a fixed amount. The range over which the value of the manipulated variable can be changed can be limited to keep it within operable limits. Screening limits can be specified on the measured variable value, in which case measured values outside the screening limits will be ignored. Block timing and switching and the block description fields follow the general outlines given above.

Specifying a feedback block on the block setup selection form (FIG. 9) brings up a feedback block setup form, as shown in FIG. 10.

Parameters

The parameters which the user is asked to specify include:

Measured variable type: a number code representing the software system and the type of entity which the block should use for the measured variable. (A sample response might be a number code indicating a Historical database variable.)

Measured variable number: the number of the entity within the specified system which the block will use for the measured variable. For example, if the measured variable type is a historical database variable, the measured variable number is the number of the variable in the historical database. After the measured variable type is entered, the label next to this field will show what type of data is needed. When the measured variable number is entered, other fields will also be filled in: the name and units for the measured variable, deadband and goal; units and default values for the max and min measured values. If block timing is to key off entry of new data into the measured variable, only discretely sampled variable types can be used.

Goal: the value at which the measured variable is to be "held". The value is entered in entered in the units of the measured variable.

Manipulated variable type: a number code representing the "target system"--the software package and the type of entity which the block should manipulate. Examples are: control system loop goal, historical database variable, a setpoint in a distributed control system, or a setpoint for a programmable loop controller.

Manipulated variable number: the number of the entity within the target system which the block will manipulate. For example, if the manipulated variable type is a control system loop goal, the manipulated variable number would be the number of the loop whose goal is to be changed. The label next to this field will show what type of information is needed; in this case the label would show "Cont Sys loop #".

Proportional gain: the constant relating the change in the manipulated variable to the error. The units of the gain are shown to the right of the field after the measured and manipulated variable have been specified. Control action is calculated:

    Error=[Measured variable value-goal value]

    Manipulated delta=Error * [Proportional gain]

The manipulated delta is added (subject to limits) to the current value of the manipulated variable.

Deadband: A range around the goal value. If the value of the measured variable falls within a range defined by the goal plus or minus the deadband, no action is taken.

Timing option, execution time interval, and Key block number: these parameters are those described above.

External switch system and switch number: these parameters are described above.

Maximum manip delta: the maximum change that can be made in the manipulated variable's value in one control action.

Minimum and maximum value of the manipulated variable: limit values outside which control action will not move the value of the manipulated variable. If a computer control action would put the manipulated value outside the limits, the value is set equal to the limit. If the manipulated value is moved outside the limits (by operator action, for example) the next control action will return the value to within the limits.

Minimum and maximum value of measured variable: Screening limits for reasonable values of the measured variable. Any time the measured variable value falls outside these limits, the value will be ignored and no action is taken.

Action log file: this specifies the name of the log file for action logging.

Feedback Block Operation

The sequence of actions performed by each feedback block, when executed by the base cycle routine, is:

If block status is "On-deselected", do no further actions;

Get the current value of the measured variable (If not accessible, set status to "On-err . . . " and do no further actions);

Get the current time stamp of the measured variable;

Test the value of the measured variable. If it is outside the minimum and maximum allowed values, set status to "On-msrd out of lims" and do no further actions.

Get the current value of the manipulated variable. If not accessible, set status to "On-err . . . " and do no further actions.

Compute the error (=Measured value-Goal). If absolute value is less than the deadband, do no further actions.

Compute the change in the manipulated variable:

    Delta.sub.-- manip=Error*proportional Gain

If the absolute delta is greater that the maximum allowed delta, set it equal to the maximum (maintaining proper sign).

Compute the new value of the manipulated variable:

    New manip value=Current manip value+delta.sub.-- manip

If the value is outside the max/min limits, set it equal to the nearest limit. If limited, recompute the delta using the limit.

Change the manipulated variable value to the new value computed. If not accessible, change status to "On-err . . . " and do no further actions.

Load user array values for use by the user routine.

If delta₋₋ manip is not zero, update the past action values and times.

Call the user routine.

Data Passed to the User Routine

In the presently preferred embodiment, each feedback block is able to pass information about its actions to the user routine, by using a commonly accessible memory block named "User₋₋ vars." (The use of this data by the user routines is described in more detail below.) The data passed by the feedback block may include:

"User₋₋ integer(1)" - the time stamp of the measured variable (from the database);

"User₋₋ integer(2)" - the time the action was taken;

"User₋₋ real(1)" - the change in the value of the manipulated variable;

"User₋₋ real(2)" - the computed error; and

"User₋₋ character(1)" - a string (alphanumeric) sequence which describes the block type; for feedback blocks this is set to be=`Feedback`.

Sample Source Code

The source code for the procedure which actually performs this function, in the presently preferred embodiment, is as follows. ##SPC2##

Feedforward Block

FIG. 11 shows a sample of a template 812 presented to the user by the build-supervisor procedure to define a feedforward block. In the specific example shown, the block being worked on is block number six of the 200 available blocks 851, 852, etc., and the various data values shown in this Figure reflect the entries which have been made at some time to define this particular block.

The feedforward block provides proportional feedforward action. In feedforward action, the user specifies a measured value (called the "measured variable") and a manipulated variable whose value is to be changed in proportion to (or, more generally, in accordance with) the change in value of the measured variable. Feedforward action begins when the "old measured value" is set equal to a current value (usually when the block is first turned on). The measured variable is then monitored for changes in value and the manipulated variable value is changed in proportion. The "old measured value" is then updated to the value at the time of this action. (The use of the "old measured value" in feedforward rules is one reason why an initialization stage is needed: if a feedforward block were switched from inactive status directly to on status, it might indicate a very large change to the manipulated variable if the delta were calculated from an out-of-date "old measured value.")

In the presently preferred embodiment, the basic feedforward action can be altered by several additional parameters. A deadband can be specified, so that, if the measured value changes by less than the deadband, no action is taken. The amount of action taken can be limited to a fixed amount. The range over which the value of the manipulated variable can be changed can be limited to keep it within operable limits. Screening limits can be specified on the measured variable value, so that measured values outside the screening limits are ignored. Block timing and switching options and the block description fields follow the general outlines given above.

In the presently preferred embodiment, specifying a feedforward block on the block setup selection form (FIG. 9) brings up a feedforward block setup form like that shown in FIG. 11.

Parameters

The parameters are:

Measured variable type: a number code representing the software system and the type of entity which the block should use for the measured variable.

Measured variable number: the number of the entity within the specified system which the block will use for the measured variable. For example, if the measured variable type is a historical database variable, the measured variable number is the number of the variable in the historical database. After the measured variable type is entered, the label next to this field will show what type of data is needed. When the measured variable number is entered, other fields will also be filled in: the name and units for the measured variable, deadband; units and default values for the max and min measured values. If block timing to key off entry of new data into the measured variable, only discretely sampled variable types can be used.

Goal: the goal field cannot be used for feedforward blocks.

Manipulated variable type: a number code representing the software package and the type of entity which the block should manipulate. Examples are: control system loop goal, historical database variable.

Manipulated variable number: the number of the entity within the specified system which the block will manipulate. For example, if the manipulated variable type is a control system loop goal, the manipulated variable number would be the number of the loop whose goal is to be changed. The label next to this field will show what type of information is needed; in this case the label would show "Cont Sys loop #".

Proportional gain: the constant relating the change in the manipulated variable's value to the change in the measured variable's value. The units of the gain are shown to the right of the field after the measured and manipulated variable have been specified. Control action is calculated as:

    Measured delta=[Measured variable value-Old value]

    Manipulated delta=Measured delta * [Proportional gain]

The manipulated delta is added (subject to limits) to the current value of the manipulated variable.

Deadband: A range around the " old measured value" (i.e. the measured value at the time of the last block action). If the value of the measured variable is within plus or minus the deadband of the old measured value, no action is taken and the old measured value is not changed.

Timing option, execution time interval, and Key block number: these parameters are described above.

Switch system and switch number: these are described above.

Maximum output delta: the maximum change that can be made in the manipulated variable's value in one control action.

Minimum and maximum value of the manipulated variable: limit values outside which control action will not move the value of the manipulated variable. If a computer control action would put the manipulated value outside the limits, the value is set equal to the limit. If the manipulated value is moved outside the limits (by operator action, for example) the next control action will return the value to within the limits.

Minimum and maximum value of measured variable: These define screening limits for reasonable values of the measured variable Whenever the measured variable value falls outside these limits, the value will be ignored and no action is taken.

Action log file: this field is described above.

The use of a deadband in feedforward blocks is one of the features which tend to force process control into discrete steps, rather than continuous small changes. One advantage of this novel teaching is that full logging can be used: every single change made by the supervisor procedure can be logged, without generating an excessive number of messages. This in turn means that monitoring, diagnosis, and analysis of processes (and of process control systems) becomes much easier.

Block Operation

The sequence of actions performed by a feedforward block is:

Get the current value of the measured variable (If not accessible, set status to "On-err . . . " and do no further actions);

Test the value of the measured variable. If it falls outside the allowed range of values, set status to "On-msrd out of lims" and do no further actions.

Compute the change in the value of the measured variable

    Delta measured=Measured value-Old measured value.

If the absolute value of the change is less than the deadband, do no further actions.

Compute the change in the manipulated variable:

    Delta.sub.-- manip=Delta measured * Proportional gain.

Set "old measured value" equal to the current value of the measured variable.

If block status is "On-deselected", do no further actions;

Check the magnitude of the manipulated value delta. If greater than the maximum allowed delta, set magnitude equal to the maximum.

Get the current value of the manipulated variable. If not accessible, set status to "On-err . . . " and do no further actions.

Compute the new value of the manipulated variable:

    New manip value=Current manip value+delta.sub.-- manip.

If the value is outside the max/min limits, set it equal to the nearest limit. If limited, recompute the delta using the limit.

Change the manipulated variable value to the new value computed. If not accessible, change status to "On-err . . . " and do no further actions.

Load user array values for use by the user routine.

If delta₋₋ manip is not zero, update the past action values and times.

Call the user routine.

Data passed to the user routine

The feedforward block passes information about its actions to the user routine through the User₋₋ vars common block. The use of this data is described in more detail in the chapter covering User routines. In the presently preferred embodiment, the data passed by the feedforward block includes:

User₋₋ integer(1) - the time stamp of the measured variable;

User₋₋ integer(2) - the time the action was taken;

User₋₋ real(1) - the change in the value of the manip variable;

User₋₋ real(2) - the change in the value of the measured variable from the last time the "old measured value" was updated;

User₋₋ character(1) -=`Feedforward`.

Sample Source Code

The source code for the procedure which actually performs this function, in the presently preferred embodiment, is as follows. ##SPC3##

Statistical Filtering Blocks

FIG. 12 shows a sample of a template 812 presented to the user by the build-supervisor procedure to define a statistical filtering block. In the specific example shown, the block being worked on is block number one of the 200 available blocks 851, 852, etc., and the various data values shown in this Figure reflect the entries which have been made at some time to define this particular block.

The Shewhart block provides statistical filtering of a sampled measurement using Shewhart tests. The user specifies an aim value (field 1222 in FIG. 12) and a standard deviation (sigma) (field 1224 in FIG. 12) which characterizes the normal variability in the measurement. The Shewhart tests a series of rules to determine whether the sequence of measurements are statistically the same as ("on aim") or different from ("off aim") the normal variability with the average at the aim. After each test, the Shewhart block stores in the process database an estimate of the deviation from aim and a value indicating what rule was broken.

In the presently preferred embodiment, Shewhart blocks do not allow timing options to be specified. They perform their tests only when a new measurement is entered into the database for the filtered variable. In the presently preferred embodiment, the conditions tested for by the Shewhart block are:

Was the last point more than 3 sigma different from aim?

Were two of the last three points more than 2 sigma different from aim in the same direction?

Were four of the last five points more than 1 sigma different from aim in the same direction?

Were the last seven points all off aim on the same side of aim? The rules are tested in the order shown. For the second and third rules, the test is first applied to the last two (or four) points in a row, then to the last three (or five) points. If any rule is violated, the process is off aim, and a deviation from aim is calculated by averaging the points which broke the rule. For example, if the last four points were outside the 1 sigma limit, the average of the four is taken as the deviation. If four of the last five points were outside the 1 sigma limits, the average of the last five points is taken.

The basic Shewhart action can be altered by several additional parameters. A fix time interval can be specified (in field 1226), so that, if one of the Shewhart tests shows a rule violation, Shewhart tests will be suspended for this interval after the time of the sample that violated the rule. This is useful in process control to allow control action in response to a rule violation to have time to move the process back to a statistically "on aim" position before taking any further actions. The range of calculated deviations can be limited, as specified by the data entered into fields 1228 and 1230. Screening limits can be applied to the filtered variable, so that measurements falling outside the range defined in fields 1232 and 1234 are ignored.

The Shewhart block differs from the feedback and feedforward blocks in that it requires resources outside of the supervisor procedure. It uses two process database variables to store its computed deviation from aim and its rule value. To configure a Shewhart block, in this sample embodiment, the user must get database variables allocated and properly configured. Since this is usually a database system manger's function, the details are not covered here.

Specifying a "Shewhart" (i.e. statistical filtering) block on the block setup selection form (FIG. 9) brings up the Shewhart block setup form shown in FIG. 12.

Parameters

The parameters shown on this form include:

Filtered variable type: a number code representing the software system and the type of entity which the block should use for the filtered variable.

Filtered variable number: the number of the entity within the specified system which the block will use for the filtered variable For example, if the filtered variable type is a historical database variable, the filtered variable number is the number of the variable in the historical database. After the filtered variable type is entered, the label next to this field will show what type of data is needed. When the filtered variable number is entered, other fields will also be filled in: the name and units for the filtered variable, aim, and sigma; units and default values for the max and min filtered values. Since Shewhart block timing always keys off entry of new data into the filtered variable, only discretely sampled variable types can be used.

Deviation variable type: a number code representing the software system and the type of entity into which the block should store the computed value of deviation from aim.

Deviation variable number: the number of the entity within the specified system into the block will store the computed deviation from aim. For example, if the deviation variable type is a historical database variable, the deviation variable number is the number of the variable in the historical database. After the deviation variable type is entered, the label next to this field will show what type of data is needed. When the deviation variable number is entered, other information will be automatically filled in by the build-supervisor procedure; in the example of FIG. 12, region 1236 indicates the pre-stored designation of historical database variable 2084. Such automatically completed information will preferably include the name and units for the deviation variable; units and default values for the max and min deviation values. Since Shewhart blocks execute on entry of new data into the filtered variable, only discretely stored deviation variable types can be used.

Rule variable type: a number code representing the software system and the type of entity into which the block should store a number code indicating which rule was broken.

Rule variable number: the number of the entity within the specified system into the block will store a number code indicating which rule was broken. For example, if the rule variable type is a historical database variable, the rule variable number is the number of the variable in the historical database. After the rule variable type is entered, the label next to this field will show what type of data is needed. When the rule variable number is entered, the name and units for the rule variable will also be filled in. Since Shewhart blocks execute on entry of new data into the filtered variable, only discretely stored rule variable types can be used.

Aim: the "on aim" value of the filtered variable.

Sigma: the standard deviation of the value of the filtered variable when the measurement is "on aim".

Fix time: A time interval after rule violations during which no rule tests are done. New measurements entered during the fix time interval are ignored. The fix time is entered as a delta time character string: "ddd hh:mm:ss" where "ddd" is the number of days, "hh" is the number of hours, "mm" is the number of minutes, and "ss" is the number of seconds. The fix time is taken from the timestamp of the filtered variable value which caused the deviation to be identified. The timestamp of later samples is compared against this, and if the difference is less than the fix time interval the sample is ignored.

Switch system and switch number: these are described above.

Minimum and maximum value of the calculated deviation: limits on the allowed value of the calculated deviation from aim. Deviations outside this range are set equal to the closest limit.

Minimum and maximum value of filtered variable: Screening limits for reasonable values of the filtered variable. Any time the filtered variable value falls outside these limits, the value will be ignored and no action is taken.

Action log file: this field is described above.

Block Operation

In the presently preferred embodiment, the sequence of actions performed by the Shewhart block is:

    ______________________________________                                         If the block status is "On-deselected", do                                     no further calculations.                                                       Retrieve the last 7 values of the filtered                                     variable. If not available, do no further calculations.                        Check the last value of the filtered                                           variable. If it is outside the allowed limits, do no                           further calculations.                                                          Search backward through the stored values of                                   the deviation variable for the most recent non-zero                            value. If a non-zero value is found within one fix time                        interval before the present instant, do no further                             calculations.                                                                  Compute the cutoff time = time of last                                         non-zero deviation plus the fix time.                                          Initialize the deviation and rule values (to                                   zero).                                                                         Begin testing Shewhart rules:                                                  *If the last point is older than the                                           cutoff time, do no further calculations.                                       *If the last point is outside the 3                                            sigma limits (i.e. Abs(point-aim) is greater than 3                            sigma), then:                                                                  Deviation = Last point - aim                                                   Rule = 1                                                                       Skip remaining rules.                                                          *If the second newest point is older                                           than the cutoff time, Skip remaining rules.                                    *If the last 2 points are both either                                          greater than aim + 2 sigma or less than aim - 2 sigma,                         then:                                                                          Deviation = Sum(last 2 points)/2 - Aim                                         Rule = 3                                                                       Skip remaining rules.                                                          *If 2 out of the last 3 points are both                                        either greater than aim + 2 sigma or less than aim - 2                         sigma, then:                                                                   Deviation = Sum(last 3 points)/3 - Aim                                         Rule = 3                                                                       Skip remaining rules.                                                          *If the last 4 points are all either                                           greater than aim + sigma or less than aim - sigma, then:                       Deviation = Sum(last 4 points)/4 - Aim                                         Rule = 5                                                                       Skip remaining rules.                                                          *If 4 of the last 5 points are all                                             either greater than aim + sigma or less than aim -                             sigma, then:                                                                   Deviation = Sum(last 5 points)/5 - Aim                                         Rule = 5                                                                       Skip remaining rules.                                                          *If all of the last 7 points are greater                                       than aim or all less than aim, then:                                           Deviation = Sum(last 7 point)/7 - Aim                                          Rule =  7                                                                      Skip remaining rules.                                                          Check and store result:                                                        *If the deviation is outside the                                               allowable limits, set equal to the closest limit.                              *Store the deviation value and rule                                            value in the respective variables. These values are time                       stamped the same as the last filtered value.                                   If the deviation is non-zero, update past                                      actions.                                                                       Call the user routine.                                                         ______________________________________                                    

Of course, other statistical filtering methods could be used instead. It is generally realized that statistical filtering is highly advantageous, and that numerous algorithms can be used to accomplish statistical filtering. The Shewhart algorithm used in the presently preferred embodiment could be replaced by any of a wide variety of other known algorithms.

Sample Source Code

The source code for the procedure which actually performs this function, in the presently preferred embodiment, is as follows. ##SPC4##

User-Defined Program Block

FIG. 13 shows the form which (in the presently preferred embodiment) is presented to a user who has chosen the "User program" option from the menu shown in FIG. 9.

The user program block provides a means of controlling the execution of a user written FORTRAN subroutine. The block itself performs no control actions, but allows the user to specify a timing option and switch parameters for executing the block's user routine. A user routine exists for every block in the supervisor procedure. (In the example shown in FIG. 13, where the block shown is block number 2, the block will (selectively) make calls to BLOCK2₋₋ USER ROUTINE.) Initially these routines (BLOCK1₋₋ USER ROUTINE, BLOCK2₋₋ USER ROUTINE, BLOCK3₋₋ USER ROUTINE, etc.) do nothing (i.e., their default content is merely the FORTRAN statements Return and End), but they can be modified by the user. The user program block only sets up parameters for controlling execution of the user program.

The user program timing options include keying off a measured variable. In this case the variable is not used for anything but timing. This option can be altered by specifying screening limits on the measured variable value (using fields 1332 and 1334), so that measured values outside the screening limits are ignored. Block timing and switching and the block description fields follow the general outlines given above.

Parameters

The parameters are:

Measured variable type: a number code representing the software system and the type of entity which the block should use for the measured variable.

Measured variable number: the number of the entity within the specified system which the block will use for the measured variable. For example, if the measured variable type is a historical database variable, the measured variable number is the number of the variable in the historical database. After the measured variable type is entered, the label next to this field will show what type of data is needed. When the measured variable number is entered, other fields will also be filled in: the name and units for the measured variable; units and default values for the max and min measured values.

Timing option, execution time interval, and Key block number: these parameters are described above.

Switch system and switch number: these are described above.

Minimum and maximum value of measured variable: These define screening limits for reasonable values of the measured variable. Whenever the measured variable value falls outside these limits, the value will be ignored and no action is taken.

Action log file: this field is described above.

Program Block Operation

The sequence of actions performed by a User program block is:

If block status is "On-deselected", do not execute the user routine.

If a measured variable is specified:

* Get the current value of the measured variable (If not accessible, set status to "On-err . . . " and do not execute the user routine).

* Test the value of the measured variable. If it outside the range of allowed values, set status to "On-msrd out of lims" and do not execute the user routine.

Execute the user routine. The routine name is derived from the block number. Block 1 calls B1ock1₋₋ user₋₋ routine , block 199 calls Block199₋₋ user₋₋ routine, etc.

If a fatal error occurs in the user routine, bypass the rest of the routine, and set the block status to "On-Failed usr routin".

If the block failed on the last execution, but did not fail on this execution, set the block status to "On".

Clear all the values in the user₋₋ vars common block.

Build-User-Program Procedure

The build-supervisor procedure (in the presently preferred embodiment) also provides a structured environment for creating user programs. As will be described below, the build-expert procedure will create the source code for one or more customized expert systems; but the user must still insert a call to this expert code into one of the blocks in the supervisor procedure. The build-user-program procedure facilitates this, and also provides convenient support for sophisticated users who are able to write their own utilities.

In the presently preferred embodiment, this is a structured environment in which users can write FORTRAN subroutines and incorporate them into control blocks. User programs can be run as the only block function by defining a User Program block (as described above), or they can be used to take additional actions (such as message logging) in combination with feedback or feedforward control blocks.

At a minimum, a user with no programming knowledge can insert a one-line call into a user program block, to make use of an expert subprocedure created using the build-expert procedure. However, to take full advantage of the capability for user programming, the user should (in the presently preferred embodiment) already be comfortable programming in FORTRAN and using FORTRAN functions and subroutines, and in using the Vax EDT editor. The build-user-program environment 1810 in this embodiment is menu driven rather than forms driven, and therefore provides less online help than some of the other functions described.

Writing a basic user program involves 5 steps:

Selecting which block number's user program to edit;

Editing the file which contains the user program code for that block. The EDT editor 1812 is used to write and modify the FORTRAN language code;

Checking the code for errors in FORTRAN syntax;

Updating the supervisor procedure by incorporating the latest version of the user program into the base cycle procedure and running the new base cycle procedure; and

Monitoring user program execution to assure that the program is executing properly.

In the example shown in FIG. 16, the top level build-supervisor menu permits the user to enter the build-user-program environment by pressing keypad 5. While in the build-user-program environment, the user can edit the block user routine; check the block user routine for errors in FORTRAN syntax; and update the supervisor procedure by incorporating the new version of the block user routine. The first prompt from the user program menu asks what block number's routine the user wants to work on. Entering the block number and pressing return brings up another program menu, with options which will now be described.

Editing the user routine begins by selecting menu option 1 ("Edit user routine"). This will start the EDT editor. User routines of some sort already exist for all the blocks. Blocks which have never had any special programming have a user routine which does nothing--it consists simply of a RETURN statement followed by an END statement, and, if the block's user routine has never been worked on, this default routine will be brought up by the editor. To make a functioning routine, the user must add FORTRAN code before the RETURN statement to perform the desired function. (In the presently preferred embodiment, the user can simply edit the file like any other FORTRAN source code file on the VAX.) For example, code for logging messages or calling an expert subroutine can be inserted at this point.

Once the user has edited the user routine and returned to the menu, he can select option 5 to check for FORTRAN syntax errors. If the new routine has no FORTRAN syntax errors, the screen will show "The user's routine compiled with no errors in syntax." If the new coding has syntax errors, the user will see them reported on the terminal screen. The user can then correct the errors using Option 1 (edit), and repeat until all errors have been removed.

Once the user has a routine that compiles with no errors, he can include it in the running version of the supervisor procedure by using menu option 8 ("Update"). This will compile the user's routine, relink the base cycle procedure using the user's newly compiled routine, stop the procedure which is currently running, and restart the base cycle procedure using the newly linked version containing the user's new routine.

After compiling the user's routine, the build-supervisor procedure will ask if there are any other subroutines in separate files that need to be compiled. Some application may require more than one subroutine, and, if desired, they can be split up in separate files. To make a routine in a separate file, the user can select option 2 ("Edit a separate FORTRAN subroutine") to create and modify the file, and then select option 6 ("Check a separate subroutine for FORTRAN errors") to check for FORTRAN errors. To include the separate file into the supervisor procedure, the user can use the update option, then answer "Y:" when asked if any separate routines need to be compiled and included. The base cycle procedure can then be linked, and then restarted.

After the user's routine has been incorporated into the base cycle procedure, the user can monitor it to make sure it executes properly. There are two key indicators of a problem with the user's user routine: the block status and the control program log file. If the user's routine has an error which would normally cause a stand-alone FORTRAN program to terminate, the base cycle procedure will bypass the error and the remainder of the user's routine, and change the block status to "On-Failed usr routin". This can be seen using the block monitoring screen. If the user's routine fails once but runs successfully on a subsequent execution, the block status will be changed to "On-Recovrd Usr Error", and a message will be posted in the control program log file indicating which user routine had the error, when it occurred, and what the error was. The log file can be viewed using the "List log file" option on the System functions screen.

The user can print a listing of a user routine by using option 3 (or option 4 for a separate routine).

If the user's user routine fails and the user needs to retreat to the last version that was running, he can use the restore option (keypad 9). This will prompt the user for any separate routines that need to be restored, and retrieve the old versions saved by the build-supervisor procedure.

In the presently preferred embodiment, there are several include files which can be used in user routines: "User₋₋ vars.inc" contains a common block which is used to pass information about control block actions to user routines. The common block contains a Real array, an integer array, and a character*80 array. Control blocks load values into these arrays for the amount of change made in the manipulated variable, the error in a feedback block, the time the action was taken, etc. The user program block zeros out these values after the user routine executes a RETURN statement. "ACSserv.inc" declares all the ACS service routines (which are integer*4 functions). "ACSstatus.inc" declares all the legal ACS status return values. These values must be declared external before they can be used. "Van₋₋ functions.inc" declares some of the retrieval and time functions from the historical process database, and declares some of the status return values.

Of course, many different computer languages and architectures could be used in practising the present invention: the sample FORTRAN routines specified (as well as other features which, for example, relate specifically to the use of a VMS operating system) simply sets forth the best mode as presently practiced, but a tremendous variety of other languages, operating environments, and/or hardware could be used instead.

Block-Handling Utilities

FIG. 14 shows a menu which is preferably presented to a user who has elected to use the utilities provided in the build-supervisor procedure (e.g. by hitting keypad 9 when faced with the menu shown in FIG. 16). While these utilities are not necessary parts of every implementation of the innovative concepts described in the present application, they do help users to take advantage of the full power available.

In the presently preferred embodiment, the supervisor procedure includes the capabilities for copying and deleting blocks, and for printing listings of block setup parameters. Deleting a block (Keypad 7) removes all the block type and setup parameter data for the block, leaving it available for another use. Copying a block (Keypad 8) reproduces the block type and setup parameters of one block into another. Printing blocks (Keypad 9) allow the user to select blocks to be printed either by number range or by searching for string matches in the application name or block description fields, and makes full or abbreviated listings of block parameter data on the printer of the user's choice.

If the user elects to copy a block, the build supervisor procedure prompts the user to enter in the "Source block" field 1402 the number of the block to copy. The build-supervisor procedure then fills in the information fields appropriately for that block, allowing the user to confirm that he has entered the right block number, and prompts the user again for the target block into which the block should be copied (field 1404). After this is entered the build-supervisor procedure fills in the information fields for the target block, and prompts the user again. When the user confirms that the block is to be copied, the block type and parameters are overwritten in the shared memory 814. After the block is copied, the build-supervisor procedure prompts the user again, asking whether the source block should be deleted or left unchanged. The build-supervisor procedure confirms that the source block was either deleted or not deleted.

Block information can only be copied into target blocks whose status is "Off" or "Inactive". To copy information into a block with an active status, the user must go to the block setup form for that block, and toggle the block off. This safeguard provides greater system integrity.

In the presently preferred embodiment, keypad 9 will initiate printing a listing of selected block parameters. The build-supervisor procedure will prompt the user to enter in field 1410 for the starting range of block numbers to print, or to hit return if he wishes to select blocks by string searches. To print a range of block numbers, the user can enter the lowest number block in the range, press return, then enter the higher number block (in field 1412) and press return. To select the blocks to be printed by search for string matches, the user can press return without entering a number for the starting block. To search the block description fields, the user can enter the desired string in the description search string field 1406. To search the block application name field, the user can press return without entering anything in the description field, and enter the desired string when prompted in the application name field 1408. In either case, the user can use capital and lower case letters interchangeably, since case is not checked in the string searches. The user need not fill in the whole search string field. A block will be selected to print if the string the user enters appears anywhere in the searched field.

The build-supervisor procedure will now prompt the user for a short or long list. A short list shows only the block number, type, description, and application name. A long list shows the entire setup form for that block. The build-supervisor procedure will clear the screen and prompt the user for the printer he wishes to use. The user can type the number of the printer if he knows it, or enter L to get a list of printers to choose from. The user's terminal screen and its attached printer can be selected, as well as Vax system printers. When the print job is completed, the build-supervisor procedure will report the number of blocks that were printed.

Monitoring

In addition, the supervisor procedure provides several functions for following the performance of control strategies as they operate. The block monitoring screen allows the actions of individual blocks to followed. The system functions screen shows the status of the supervisor procedure. The control system runs as a batch-type process on the Vax, and so it has a log file which contains all the error messages generated by the system.

A user who requests block-monitoring is presented with a block description form which includes a block number field in which he can insert the number of the block to be monitored. The remaining fields on the form then are filled in appropriately by the build-supervisor procedure, and are subsequently updated every 5 seconds. The information shown includes:

the current time;

the time at which the supervisor base cycle procedure will make its next scan through the blocks (and blocks which are due to execute will be executed);

the block type (which was specified during block setup, e.g. feedforward, feedback, etc.);

the block description (which was entered during setup);

the type, number, name and units of the measured variable which was specified in block setup (if none was specified (e.g. in a program block), this field will be blank);

the current value and time stamp of the measured variable (the time stamp for compressed variables is the time the last new value was received; for manual entry variables it is the time stamp of the last entered value; and if no measured variable was specified, this field is blank);

the goal value for feedback blocks (for other block types, this field is empty);

the number, name, units and type of manipulated variable;

the current value of the manipulated variable (with time stamp if one has been defined);

the timing option entered during block setup;

the execution time interval specified during block setup. If the block timing does not include any fixed frequency, this field is blank.

the time the block last did its scheduled actions (this is normally the last time the block was scheduled to execute according to its timing option parameters, regardless of whether the block acted to change the manipulated variable);

the current status of the block; and

the last five control actions made by the block (or, for Shewhart blocks, the last five deviation values) and the times at which they occurred.

In the presently preferred embodiments, a similar overhead function permits the user to take a look at the current status of key system parameters, including:

Base scan interval: the time interval at which the base cycle procedure scans through all the properly configured blocks, checking for changes in the on/off status, testing each according to its timing option and status to determine whether it should execute, and executing those that are due to execute.

Next base cycle time: the time at which the supervisor procedure will actually do the next scan. This time should always be in the future, and should never be more than the base scan interval away.

Current system status: provides information about what the supervisor procedure system is currently doing. Since the supervisor procedure only does its actions once every base scan interval, the system spends most of its time sleeping--i.e. waiting for the next cycle time to come. The normal system status values are:

* Running-Sleeping: the normal status value. All control actions on the last scan have completed and the system is waiting for the next scan.

* Running-Computing: the system is currently performing block checks and executing blocks. Since calculations in the supervisor procedure finish rather quickly, this status will rarely be seen.

* Terminated normally: This status indicates that the supervisor procedure system has been stopped in an orderly way. Normally this status value will only be seen if the system manager has stopped the system, or briefly when a user performs the Update function on the user program menu.

An authorized user can change the base scan interval, stop the supervisor process (together with any auxiliary processes used for communication with PCS or other control systems), restart the supervisor process (and any auxiliary processes), or view the log file to which the base cycle procedure writes error reports and messages.

Block Initialization

Blocks are initialized when they are first turned on, or when the supervisor procedure is restarted after an outage of 30 minutes or more and the block had already been on. Block initialization sets the "last execution time" of the block to the current time. The "last execution time" value is used in fixed interval timing and also as a block monitoring parameter. If the block has a measured variable, the "last measured time" is set equal to the current time of the measured variable. This parameter is used when block timing is keyed off the measured variable. If the block timing is set to key off another block, the key block time is set equal to the last execution time of the key block. For feedforward blocks, the "old measured value" is set equal to the current value of the measured variable.

Build-Expert and Expert Procedures

The procedures for constructing an expert system from a domain expert's knowledge will now be described, together with the procedures by which the expert system is called up by the operating software (preferably the process control supervisor procedure, as described above).

It should be noted that the structures and advantages of the build-expert procedure are not entirely separate from those of the expert procedure (or procedures) generated thereby. The two procedures are preferably operated separately, but they are designed for advantageous combination. The features of the expert procedure are partly designed to advantageously facilitate use of the build-expert procedure, and the features of the build-expert procedure are partly designed to advantageously facilitate use of the expert procedure.

The build-expert procedure works especially advantageously as an integral part of the supervisor procedure, which (in the presently preferred embodiment) is a VAX-based layered control system. The build-expert procedure produces complete FORTRAN subroutines that execute the expert actions. The supervisor procedure (e.g. via a user program block) provides the functions for running an expert subroutine at specified times, and also provides callable routines that can be used by these subroutines to make and modify supervisor actions. The build-expert procedure can be used without the preferred supervisor procedure, but the user must provide a host program running at appropriate times to call the subroutines.

Preferred Menu Structure

In the presently preferred embodiment, the build-expert procedure is accessed by selecting the "User program" option on the top-level menu in the build-supervisor procedure (see FIG. 16), entering the desired block number, and then selecting the Expert system development option on the user program menu. This will take the user to the build-expert procedure, which (in the presently preferred embodiment) presents a menu as shown in FIG. 17.

From this menu the user can access setup templates for the 3 rule types. The user also has access to functions for printing the rulebase, and for building a new expert subroutine.

The rule templates used in the build-expert procedure allow the user to enter and modify the specification information for rules. The build-expert procedure is different from the build-supervisor procedure in the way it handles data. When a rule name is entered in the build-expert procedure and the RETURN or TAB key pressed, the letters are capitalized and the embedded spaces are transformed to underscores. This is how the build-expert procedure stores all character data. The other fields on rule templates are not transformed like this until the rule is stored. When the rule is recalled onto the template, the other fields will be capitalized with embedded blanks changed to underscores. In the presently preferred embodiment, the rule name, data type, and data number fields are the only fields on the rule templates for which the user's entry is checked immediately (others may be modified in the future to do this). The remaining fields can be filled in with any data that the template allows (some fields accept only integers, some only alphabetics, etc). The data on the remaining fields is tested only when the user presses the keypad "-" to store the rule. The build-expert procedure then examines the data for errors, and requests corrections if needed. The build-expert procedure always checks rule names (and condition names) to be sure they are valid and meaningful where entered. In the presently preferred embodiment, the build-expert procedure checks other data for most errors, but it does not check for all conceivable errors. Data entered on a rule template is NOT stored until the keypad "-" key is pressed to store the rule. Data on a template will not be stored if the rule name field is blank. Data on a template can be lost if the user enters the data, then modifies the rule name field before pressing keypad "-". All the rule templates have a "delete rule" (keypad "-") and "top of form" (keypad 9) softkey. The delete rule key will ask the user to confirm the deletion by pressing the key again, and then deletes the rule from the rulebase. The top of form key simply takes the user to the top of the template.

After all the rules have been entered, the FORTRAN expert subroutine must be generated using keypad 9, "Generate Expert". Changes made in the rules will not become effective until the expert is rebuilt. When the build-expert procedure is used within the build-user-program environment (as discussed above), the FORTRAN subroutine is generated in the same directory with the user program and is named Blockn expert system.for, with the subroutine name Blockn expert system (n is the number of the block being worked on.) To use the expert from within the supervisor procedure, a one line user program must be written to call the expert. The one executable line is:

Call Blockn₋₋ expert₋₋ system.

Standardized Data Interface

The build-expert procedure uses a standard data interface. In the presently preferred embodiment, data sources are specified by a pair of integer parameters. One, the "data type", is a coded value which identifies the type of data desired and the data collection system from which the data is to come. The second, the "data number", identifies the specific data entity of that type within that system. Some data types (e.g. time averages) require a third parameter specifying the time over which to average.

This system has several advantages. First, it provides a simple method of data identification in a many-system environment. Secondly, it allows the rules to easily reference data of many types from many diverse (and possibly remote) sources without requiring the user to write any custom program code for data retrieval. Some useful data sources might include: any lower level process control system; any supervisor process (whether running on the same hardware system or another); any process database (whether running on the same hardware system or another); of any computer which collects or generates data ("computer" being defined vary broadly to include, e.g., any system which includes a microprocessor, such as a microprocessor based single loop controller).

In the presently preferred embodiment, the data types allowed by the build expert procedure are: (1) the latest value of a database variable; (2) a time weighted average over a given time interval of the value of a database variable; (3) a simple average over a given time interval of the discrete data values of a database variable; (4) the feedback error of a feedback block in the supervisor process; (5) the change in the value of the measured variable of a supervisor feedforward block since the last time the block acted; (6),(7) the goal values of control loops in two particular lower level control systems; (8) the second most recent value of a discretely sample process database variable; (9),(10) the maximum and minimum limits for the manipulated variable value in a supervisor control block. Other sources could be used, for example any kind of parameter from any of the systems named in the previous paragraph, or system lexical functions (such as the system clock). As a further alternative, it might also be advantageous in some embodiments to make one of the options here a one-line blank, in which the user could enter a pointer to a callable procedure to fetch a variable value.

In the presently preferred embodiment, the user must specify the data type before the data number. When the data type is entered, a prompt line pops up on the template indicating the specific data type, which aids the user in entering the proper value for the data number. When the data number is entered, it is tested to be sure it is a meaningful entry for the data type specified. Some additional information is then displayed (such as a variable name and its units) to aid the user in confirming his input. These fields also serve to aid understanding of rule function and meaning when recalled for review or modification.

Constructing the Expert System

An expert system goes through four steps in using knowledge: (1) The expert gets information from the outside world; (2) analyzes that information using its rules; (3) deduces the correct conclusion from its analysis; (4) communicates its decision to the outside world.

Rules state that WHILE one thing is true THEN something else must be true. For example, WHILE the composition of water in the Feed mix drum is greater than 12%, we say "FEED MIX WATER COMPOSITION" is "HIGH". Or, WHILE "FEED MIX WATER COMPOSITION" is "HIGH", AND "DEHY COLUMN BOTTOMS WATER" is "HIGH", we say "TOTAL SYSTEM WATER" is "TOO HIGH". WHILE "TOTAL SYSTEM WATER" is "TOO HIGH", we "Give a high water warning message."

This simple example shows the three basic types of rules which are used in the build-expert procedure: the sample retrieval rule described tests the VALUE (12%) of a process measurement (FEED MIX WATER), and assigns a value (HIGH, LOW, etc.) describing the condition of the measurement. The sample analysis rule given tests for combinations of values defined by other rules. If it finds the combination, the analysis rule creates a new condition (TOTAL SYSTEM WATER) and assigns a value (TOO HIGH) describing that condition. The sample action rule described tests for one specific condition (TOTAL SYSTEM WATER) has one specific value (TOO HIGH), and takes a specified action (Give a high water warning message).

Sample Expert System

An example of construction of an expert system using novel methods and system as set forth in the present application will now be described in detail. The sample system here chooses an optimum control action from among three possibilities. A key element of the problem here is to control the composition of by-product MFB in the product stream of a refining train like that shown in FIG. 7. MFB is separated in two columns in series. Essentially equivalent response in MFB composition can be achieved by changing the steam flow to either column. Both columns use high value steam in their reboilers. The first, the Xylene column, dumps the steam energy to cooling water. The second column, the MFB column, recovers most of the energy by generating steam overhead. Equipment limitations constrain both steam flows to within high and low limits.

As column feed rate varies, steam loading can change from minimum steam on both columns to maximum steam on both columns. The optimum operation maximizes steam on the low cost column (MFB) and minimizes steam on the high cost column (XYL).

In this example, control of the MFB composition is done statistically. The laboratory measurements of MFB are statistically tested using Shewhart tests. The Shewhart tests determine the on aim status of MFB: Off aim high, Off aim low, or on aim. When MFB is off aim, the Shewhart test generates an estimate of how far off aim MFB is. This estimate can be used to compute the feedback action needed to bring MFB back to aim: off aim high requires an increase in steam to the two columns, off aim low requires a decrease.

The expert system which is sought to be developed should instruct the supervisor procedure to make the least cost control action. Plant startup, problems, or poor manual operation may distribute steam in a non-optimal way, and this cannot be known beforehand. The objective will be to move toward the optimum steam distribution through control action response to off aim conditions. Steam will not be shifted for cost savings only, since this complicates control and may negatively affect quality.

Although this may seem like a trivial decision, it actually involves considering 3 variables in the correct sequence. This is where the "expertise" gets into the "expert" system. Developing the logic is the task of the human expert, and the system disclosed herein merely expedites the transfer of that logic into the expert system. The process control decision tree which will be implemented, in the sample embodiment described, is as follows: First, decide whether to add or cut steam:

(1) If adding steam:

(1.1) First check the MFB column. If MFB column steam below maximum, add steam here.

(1.2) If the MFB column steam is maximum, then

(1.2.1) Check the Xylene column. If xylene column steam is below the maximum, add steam here.

(1.2.2) If xylene column steam is maximum, the user cannot add steam. To get MFB on aim, feed to the column must reduced. Cut column feed.

(2) If cutting steam:

(2.1) First, check the xylene column. If xylene column steam is above the minimum, cut steam here.

(2.2) If xylene column steam is minimum, then

(2.2.1) Check the MFB column. If MFB columns steam is above minimum, cut steam here.

(2.2.2) If MFB column steam is minimum, the user cannot cut steam. To get MFB on aim, Feed to the column must be increased. Add column feed.

It is highly desirable that the decision tree being implemented should cover all the possible cases, and that the conclusions should be mutually exclusive. If it does not cover all the possible cases, the expert will sometimes be unable to come to a conclusion. If the conclusions are not mutually exclusive, then more than one conclusion could exist. Although this might logically be possible, this condition might mean unpredictability as to which conclusion will be reached, so that there would not be a reproducible basis for action.

Domain experts, in performing the analytical steps which the expert system should ideally emulate, will carry out many steps implicitly; but implementing a process in a computer requires that each step be expressly spelled out. To make the decision, the user must first specify:

what measurements will be used to evaluate the process condition (in this example, MFB₋₋ STEAM, XYL₋₋ STEAM, DIRECTION₋₋ OF₋₋ CHANGE);

what ranges of values of the measurements (e.g. 40>XYL₋₋ STEAM) match what status values for the measurements (e.g. MID₋₋ RANGE);

what combinations of status values (e.g. MFB₋₋ STEAM is MAX and XYL₋₋ STEAM is MIN, and DIRECTION₋₋ OF₋₋ CHANGE is ADD) will result in what other conditions (e.g. ACTION is CHANGE₋₋ XYL₋₋ STEAM);

what must be done to make the desired action happen.

The detailed specifications needed to handle this problem are defined as follows:

Measurements: For MFB column steam, the goal on the computer loop for MFB steam is a good measure. In the sample system referred to, this is loop 30 in the "DMT PCS" system. For xylene column steam, the goal on the computer loop is a good measure. In the sample system referred to, this is loop 5 in the "DMT PCS" system. For the direction of change, the best measure is the feedback error on the control block that will be changing steam (in this case, the third block in the supervisor procedure). For MFB column steam, we know the operating limits of steam flow to the column (in thousands of pounds per hour (MPPH)):

MAX>49.5;

MIN<28.5;

MID>28.5<49.5.

And for the xylene column:

MAX>66.5

MIN<40.5

MID>40.5<66.5.

For the direction of action, we know that an off aim high condition means a steam increase. Our feedback block (in the supervisor procedure) is using the Shewhart deviation from aim as the measured variable, with an aim of 0.0. Thus if the feedback error is positive, we increase steam:

ADD if Feedback error>0

CUT if Feedback error<0 or =0

For the analysis of these conditions, we need to specify what combinations of conditions lead to what result. This expert provides only one result: it defines what the manipulated variable will be--xylene column steam ("xyl₋₋ col₋₋ steam"), MFB column steam ("MFB₋₋ col₋₋ steam"), or column feed ("column₋₋ feed"). This logic results in the following rules:

                  TABLE 5                                                          ______________________________________                                         MANIPULATED.sub.-- VARIABLE is MFB.sub.-- COLUMN.sub.-- STEAM                  While Direction.sub.-- of.sub.-- change  is  ADD                               and MFB.sub.-- COL.sub.-- STEAM  is not MAX                                    MANIPULATED.sub.-- VARIABLE is XYL.sub.-- COLUMN.sub.-- STEAM                  While Direction.sub.-- of.sub.-- change is  ADD                                and MFB.sub.-- COL.sub.-- STEAM  is  MAX                                       and XYL.sub.-- COL.sub.-- STEAM  is not MAX                                    MANIPULATED.sub.-- VARIABLE is COLUMN.sub.-- FEED While                        Direction.sub.-- of.sub.-- change is  ADD                                      and MFB.sub.-- COL.sub.-- STEAM  is  MAX                                       and XYL.sub.-- COL.sub.-- STEAM  is  MAX                                       MANIPULATED.sub.-- VARIABLE is XYL.sub.-- COLUMN.sub.-- STEAM                  While Direction.sub.-- of.sub.-- change is  CUT                                and XYL.sub.-- COL.sub.-- STEAM  is not MIN                                    MANIPULATED.sub.-- VARIABLE is MFB.sub.-- COLUMN.sub.-- STEAM                  While Direction.sub.-- of.sub.-- change is  CUT                                and XYL.sub. -- COL.sub.-- STEAM  is  MIN                                      and MFB.sub.-- COL.sub.-- STEAM  is not MIN                                    MANIPULATED.sub.-- VARIABLE is COLUMN.sub.-- FEED While                        Direction.sub.-- of.sub.-- change is  CUT                                      and XYL.sub.-- COL.sub.-- STEAM  is  MIN                                       and MFB.sub.-- COL.sub.-- STEAM  is  MIN                                       ______________________________________                                    

Note that: (1) some of the conditions are negated, i.e. it is specified that a rule or condition must NOT have a certain value (MFB₋₋ COL₋₋ STEAM is NOT MIN). (2) More than one test can set the value of the same condition (MANIPULATED₋₋ VARIABLE in this case). (3) More than one test can assign the same value to the same condition (i.e. the second and fourth both set MANIPULATED VARIABLE to XYL₋₋ COL₋₋ STEAM, under different conditions). By contrast, the retrieval rules each assign one of several descriptors to a name which is unique to that specific rule.

Finally, the expert must do something with its conclusion to change the way the supervisor acts. In this case, assume that there are three feedback blocks in the supervisor procedure, all having the Shewhart MFB deviation as measured variable, with aims of 0.0. One (#3) manipulates xyl₋₋ COL₋₋ steam, one (#4) MFB₋₋ column steam, and one (#5) column feed rate. The supervisor procedure includes a FORTRAN callable function named ACS₋₋ SELECT₋₋ BLOCK, which allows only one block out of a set to take action. The others are "de-selected" and stand ready to act if selected. When ACS₋₋ select₋₋ block is called, the first block number in the argument list becomes selected, the others are deselected. Trailing zeros are ignored.

Thus, to enable the expert being built to change the control strategy, the following rules are added to the rule set:

    ______________________________________                                         While MANIPULATED VARIABLE  is XYL.sub.-- COL.sub.-- STEAM                     Then do the FORTRAN statement:                                                 ACS.sub.-- status = ACS.sub.-- select.sub.-- block ( 3, 4, 5, 0, 0, 0 )        While MANIPULATED VARIABLE  is MFB.sub.-- COL.sub.-- STEAM                     Then do the FORTRAN statement:                                                 ACS.sub.-- status = ACS.sub.-- select.sub.-- block ( 4, 3, 5, 0, 0, 0 )        While MANIPULATED VARIABLE  is COLUMN FEED Then                                do the FORTRAN statement:                                                      ACS.sub.-- status = ACS.sub.-- select.sub.-- block ( 5, 3, 4, 0, 0, 0          ______________________________________                                    

The foregoing data entries are all the inputs needed to define the expert system.

Within the supervisor procedure, an expert system can be developed for each block. Used in this way, the build-expert procedure will create the FORTRAN subroutine Blockn₋₋ expert₋₋ system (where n is the block number, i.e. the subroutines will be named BLOCK2₋₋ EXPERT₋₋ SYSTEM etc.), compile it, and place it in the proper library so that it can be called from within a supervisor block (by a user routine).

Expert Rule Structure

This sample embodiment provides an example which may help clarify what an expert procedure does. Some more general teachings regarding expert system methods and structure will now be set forth.

FIG. 2 is a schematic representation of the organization preferably used for the knowledge base. Three main categories of rules are used, namely retrieval rules 210, analysis rules 220, and action rules 230.

Retrieval Rules

The retrieval rules 210 each will retrieve one or more quantitative inputs (which may be, e.g., sensor data 157 from one of the sensors 156, historical data 141 and/or laboratory measurements 162 from a historical data base 140, limits on variable values, goals 132 defined by the supervisor procedure 130, combinations of these, or other inputs). One of the significant advantages of the system described is that it provides a very convenient user interface for accessing quantitative inputs from a very wide range of sources: essentially any data object which can be reached by the host computer can be used. (The presently preferred embodiment uses DECnet and serial communication lines to link the computer which will be running the expert system with the various computers it may be calling on for data, but of course a wide variety of other networking, multiprocessor, and/or multitasking schemes could be used instead.)

In the presently preferred embodiment the retrieval rules are of two kinds: the simpler kind (referred to as "variable rules") will name one quantitative value (which may optionally be derived from several independently accessed quantitative inputs), and assign one of a predetermined set of descriptors (variable status values 222) to that name. Each of the more complex retrieval rules (referred to as "calculation rules") permits descriptors to be assigned selectively to a name in accordance with one or more calculated values (which may optionally be derived from a number of quantitative variables).

FIG. 3 shows the template used for a retrieval rule in the presently preferred embodiment, together with a sample of a retrieval rule which has been entered into the template. The areas in this drawing which are surrounded by dotted lines indicate the parts of the template which the user can modify, and which are preferably highlighted to the user in some fashion, e.g. by showing them in reverse video. In this example, the user has typed in the rule name as "xylene column steam." The build-expert software has automatically translated this rule name, by changing all the spaces in it to underscores, so that it appears as a one word name. (This can be conveniently used as part of a variable name in conventional computer languages.) Thus, the rule shown in FIG. 3, when translated into an expert procedure by the build-expert procedure, will define a set of variables whose names each begin with "XYLENE₋₋ COLUMN₋₋ STEAM."

For example, in the presently preferred embodiment the rule shown will translate into the following set of variables:

"XYLENE₋₋ COLUMN₋₋ STEAM₋₋ STATUS" is a character variable (also known as a string or alphanumeric variable) which will have a string value which is either "MIN," "MAX," or "MID;"

"XYLENE₋₋ COLUMN₋₋ STEAM₋₋ VALUE" will be a real variable, representing the quantitative value originally retrieved for the parameter;

"XYLENE₋₋ COLUMN₋₋ STEAM₋₋ AGE" will be an integer variable representing the age of the quantitative value originally retrieved;

"XYLENE₋₋ COLUMN₋₋ STEAM₋₋ ASTAT" will be a character variable which is defined to have values of "TOO₋₋ OLD" or "OK," depending on whether the age value is within limits (note, for example, that this variable could easily be configured as a logical variable instead);

and "XYLENE₋₋ COLUMN₋₋ STEAM₋₋ FIRED" will be a logical variable which indicates whether this particular rule has been fired (on a given pass).

In filling out the retrieval rule template, the user must fill in at least two of the classification blanks. However, in the presently preferred embodiment, only five classification ranges are permitted. (This limit could be changed, but there are significant advantages to permitting the user to input only a restricted number of ranges. Where the process control algorithm absolutely demands that the variable be classified into more ranges, two or more process variable rules could be used to label up to eight or more ranges.)

Another constraint used in the presently preferred embodiment is that the user must enter at least the first two open ended ranges. He may enter up to three bounded ranges, to provide a complete coverage of all cases, but he must enter at least two open ended range specifications.

In the presently preferred embodiment, the build-expert procedure checks to see that the ranges defined are comprehensive and non-overlapping, before the rule is permitted to be added to the rule base.

FIG. 4 shows an example of a different kind of retrieval rule, known as a calculation rule. The menu for this rule is (in the presently preferred embodiment) presented to the user as two screens. The user may specify up to ten quantitative inputs, of any of the types just referred to, as well as up to ten values arithmetically derived from these inputs (or constants). By having some of the derived values refer back to other ones that are derived values, quite complex formulas may be implemented. (One advantageous use of such formulas may be to relate off-line time-stamped laboratory measurements with the continuously-measured values of the same (past) time era, e.g. in a component material balance.) Moreover, notice that the variable values and calculated values thus assembled may be used not only to define a "key value" to be categorized, but also to define the limits of the various categories against which the key value is sought to be tested.

Analysis Rules

Analysis rules generally are used to embed the natural language reasoning as practiced by the domain expert. One important distinction between retrieval rules and analysis rules is that each retrieval rule has a unique name, but the analysis condition names defined by analysis rules are not necessarily unique. FIG. 5 shows an example of an analysis rule 220. Again, the portions of the template which the user can modify are shown inside dashed boxes. Note that the template preferably used defines an analysis condition name and assigns a descriptor to that analysis condition name if specific conditions are met. In the presently preferred embodiment, the only tests permitted are ANDed combinations of no more than five logical terms, each of which can consist only of a test for identity (or non-identity) of two strings. Moreover, the string identity tests are preferably set up so that each of the comparisons either tests a retrieval rule name to see if a certain variable status value 212 was assigned by that rule, or tests an analysis condition name to see if a certain analysis status value 222 was assigned by one of the analysis rules. That is, as seen schematically in FIG. 2, there is potential for recursion among the analysis rules 220 considered as a group, since some of the analysis rules 220 can refer to the outputs of other analysis rules 220. Optionally the analysis rules could be sequenced so that there would never be any open-ended recursions, but in the presently preferred embodiment this extra constraint is not imposed.

Any one analysis condition name may (under various conditions) be assigned values by more than one analysis rule. That is, each analysis rule is preferably set up as an IF statement, and multiple such IF statements will typically be needed to specify the various possible values for any one analysis condition name.

In the presently preferred embodiment, the status of every analysis condition name and variable rule name are initially defined to be "unknown," and the logical comparisons are implemented so that no test will give a "true" result if one term of the comparison has a value of "unknown."

The order in which the analysis rules are executed may be of importance where an analysis condition name is multiply defined. That is, it may in some configurations be useful to permit the conditions of the various analysis rules 220 to be overlapping, so that, under some circumstances, more than one analysis rule may find a true precondition and attempt to assign a status value to the same analysis condition name. In this case, the sequence of execution of the analysis rules 220 can optionally be allowed to determine priority as between analysis rules. However, as mentioned above, this is not done in the presently preferred embodiment.

Moreover, more than one analysis rule may assign the same analysis status value 222 to the same analysis condition name, under different circumstances.

It can be advantageous, for purposes of documenting the reasoning embedded in the expert system, to give names to the analysis rules which include both the name and descriptor possibly linked by that rule: thus, for instance, a rule which is able to conclude that column operation is normal might be named "COLUMN₋₋ OP₋₋ NORMAL."

Action Rules

FIG. 6 shows the presently preferred embodiment of the template for action rules, and an example of one action rule which has been stated in this format. Again, the portions of the template which the user can modify are indicated by dashed boxes.

The user has chosen to name this particular action rule "Change Xylene Steam," which the build-expert software has translated into CHANGE₋₋ XYLENE₋₋ STEAM (for incorporation into various variable names such as "CHANGE₋₋ XYLENE₋₋ STEAM₋₋ FIRED"). The names assigned to action rules are primarily important for documentation, so that, when this user or another user looks back through the rule base, the use of clear rule names for action rules will help to understand what the structure of the expert system's inference chaining is. In fact, it may be advantageous, as in the example shown, to generally pick analysis status values 222 which have fairly descriptive names, and then, to the extent possible, name the action rules identically with the corresponding analysis status values.

Note also that the action rules can refer back to a variable status value 212 as well as to an analysis status value 222.

Thus, in the presently preferred embodiment the action rules embody an absolute minimum of logic. They are used primarily as a translation from descriptive key words embedded within the inference chaining structure to the actual executable statements (or command procedures) which specify the action to be taken. Thus, one way to think about the advantages of the expert system organization preferably used is that the emulation of natural language reasoning is concentrated as much as possible in the analysis rules, while the retrieval rules are used to provide translation from quantitative measurements into input usable with natural language inference rules, and the action rules are used almost exclusively to provide translation from the natural language inference process back to executable command procedures which fit in well with the computer system used.

Each of the action rule templates also gives the user several choices for the action to be taken to implement the action rule if its precondition is met. The user can either insert an executable statement (in FORTRAN, in the presently preferred embodiment) or insert a pointer to a command procedure, or simply have the action rule send advisory messages. The third option is useful for debugging, since the expert can be observed to see what actions it would have taken, without risking costly errors in the actual control of the system.

In the example shown, an executable FORTRAN statement is used, but the statement specified merely passes an action code back to the supervisor process. In the example shown in FIG. 6, the procedure call given will cause the supervisor procedure to turn on the block whose number is given first, and turn off all other blocks whose numbers are given. Thus, the statement

acs₋₋ status=acs₋₋ select₋₋ block (3, 4, 5, 0, 0, 0) would change the status of block 3 to "on-selected" (assuming that it did not need to be initialized), and would set the status values of blocks 4 and 5 to "on-deselected." Thus, when the expert system has completed running, the supervisor procedure which called the expert procedure as a subroutine can selectively execute block functions depending on the values passed back to it by the subroutine.

Thus, the action rules permit a very large variety of actions to be performed. For example, one optional alternative embodiment provides synthetic-speech output; optionally this can be combined with a telephone connection, to permit dial-out alert messages (e.g. to a telephone number which may be selected depending on the time of day shown by the system clock, so that appropriate people can be notified at home if appropriate).

Another optional embodiment permits an action rule to call up a further sub-expert. This might be useful, for example, if one expert subprocedure had been customized to handle emergency situations - who should be called, what should be shut down, what alarms should be sounded.

Generating the Expert Procedure

After the user has input as many rule statements as needed, or has modified as many of an existing set of rule templates as he wishes to, he can then call the generate code option to translate the set of templates 115, including the user inputs which have been made into the rule templates, to create the expert system 120.

Generating Source Code

As a result of the constraints imposed in the various rule templates, the translation from the constrained format of the templates is so direct that the executable rules can be generated simply by a series of appropriate string-equivalent tests, string-append operations, logical-equivalence tests, arithmetic operations, and fetches.

Preferably three passes are performed: the first does appropriate character type declarations; the second loads the appropriate initializations for each rule; and the third translates the inference rules themselves.

An example of the initialization steps is seen in initialization of the analysis rules: an initial value such as "dont₋₋ know" is assigned to each condition name, and the equivalence tests are redefined slightly by the translation procedure, so that, until some other value is assigned to the name by another rule, the statement

"name"="descriptor"

will be evaluated as false, and the statement

NOT("name"="descriptor")

will also be evaluated as false.

Sample Source Code

A portion of the source code for the procedure which actually performs this function, in the presently preferred embodiment, is as follows. ##SPC5##

Thus, steps such as those listed above will produce (in this example) FORTRAN source code which defines an expert system including rules as defined by the user. This source code can then be compiled and linked, as described above, to provide an expert procedure which is callable at run-time. This expert procedure is tied into the supervisor procedure, as described above, by inserting an appropriate call into the user program section of one of the blocks in the supervisor procedure. Thus, the expert procedure can be called under specific circumstances (e.g. if selection among several possible manipulated variables must be made), or may optionally be called on every pass of the base cycle procedure, or at fixed time intervals, or according to any of the other options set forth above.

As will be recognized by those skilled in the art, the innovative concepts described in the present application can be modified and varied over a tremendous range of applications, and accordingly their scope is not limited except by the allowed claims. 

What is claimed is:
 1. A computer-based method for operating a substantially continuous process, comprising the steps of:(1) operating the process with one or more sensors connected to sense conditions in materials being processed, and one or more actuators connected to change conditions in the process; (2) controlling one or more of said actuators with a process controller in accordance with signals received from said sensors and in accordance with one or more control parameters; (3) running a process supervisor procedure comprising one or more software modules, for selectively defining one or more of said control parameters for said process controller; (4) selectively presenting a functional structure to a user, for a new software module for said process supervisor procedure and/or a functional structure corresponding to the user input from which a current software module of said process supervisor procedure was generated, and selectively loading the user input from said functional structure to be used by said process supervisor procedure; wherein step (4) of presenting a functional structure includes presenting standardized data interface definitions further comprising the step (5) of enabling each said software module to perform the steps ofgetting data from any one of a plurality of data collection and/or process control systems and/or sending process control parameters to any one of a plurality of data collection and/or process controls systems without the user explicitly defining any custom data interfacing procedures.
 2. A computer-based method for operating a substantially continuous process, comprising the steps of:(1) operating the process with one or more sensors connected to sense conditions in materials being processed, and one or more actuators connected to change conditions in the process; (2) controlling one or more of said actuators with a process controller in accordance with signals received from said sensors and in accordance with one or more control parameters; (3) running a process supervisor procedure comprising one or more software modules, for selectively defining one or more of said control parameters for said process controller; (4) selectively presenting a functional structure to a user, for a new software for said process supervisor procedure and/or a functional structure corresponding to the user input from which a current software module of said process supervisor procedure was generated, and selectively loading the user input from said functional structure to be used by said process supervisor procedure; wherein step (4) of presenting a functional structure includes presenting standardized data interface definitions.
 3. A computer-based process control system, comprising:(a) one or more sensors connected to sense conditions in the process, and one or more actuators connected to change conditions in the process; (b) process control means, comprising one or more software modules for controlling the process, respective ones of said software modules defining a control relation among one or more of said sensors and acutators; (c) build means which is configured to:(1) present to a user a template for a new software module for said process control means; (2) present to a user a template including data corresponding to the user input from which a current software module of said process control means was generated; and (3) selectively to load user inputs from said template to be operationally accessible by said process control means.
 4. The method of claim 1, wherein said process controller of step (2) uses a cycling step, and wherein said process supervisor procedure of step (3) uses a cycling step.
 5. The method of claim 1, wherein said process supervisor procedure of step (3) uses a cycling step, and said process controller of step (2) operates in substantially real-time.
 6. The method of claim 1, wherein step (4) comprises the step of presenting functional structures in a substantially natural language format which is readily understandable by a user who is technically skilled in a predetermined art but who is not necessarily competent in any computer language.
 7. The method of claim 1, wherein step (4) comprises the step of allowing the user to alter only restricted portions of said functional structures.
 8. The method of claim 1, wherein step (4) comprises the step of presenting user-alterable portions of said functional structure which appear differently to said user than do other portions of said functional structure.
 9. The method of claim 1, wherein step (4) comprises the step of presenting said functional structure in a substantially natural language format.
 10. The method of claim 1, wherein said process supervisor procedure of step (3) comprises the step of calling on at least one expert subprocedure which uses a knowledge base and inference structure relevant to the process.
 11. The method of claim 1, wherein, for each of said control parameters of step (2), said process supervisor procedure of step (3) comprises the step of being constrained not to make changes unless the indicia for the change exceed a certain threshold; and wherein said process supervisor procedure further comprises the step of reporting every instance where it changes one of said control parameters.
 12. The method of claim 1, wherein, for each of said control parameters of step (3), said process supervisor procedure of step (3) comprises the step of being constrained not to make changes unless the amount of the change exceeds a certain threshold.
 13. The method of claim 1, wherein said process supervisor procedure of step (3) comprises the steps of following a feedback control relation including a supervisor goal condition, and a deadband on said supervisor goal condition, and/or of following a feedforward control relation on input of said sensors, and including a deadband on said input.
 14. The method of claim 1, wherein said functional structure of step (4) comprise the step of allowing the user to define timing and sequencing parameters for respective ones of said software modules which include at least the following options:become active if another specified software module has become active; become active if a new value has been entered for a specified data source; or become active if a specified time of inactivity has elapsed.
 15. The method of claim 1, wherein said process supervisor procedure of step (3) comprises the step of using a maximum iteration period significantly longer than the maximum iteration period of said process controller.
 16. The method of claim 1, wherein said process controller of step (2) uses analog logic for controlling.
 17. The method of claim 1, wherein step (3) comprises the step of defining said software modules by respective data definitions, includingpointers to procedures which will carry out a respective function, and, for at least some of said software modules, parameters to be passed to said procedure pointed to.
 18. The method of claim 1, wherein step (3) comprises the step of defining said software modules by respective data definitions, includingpointers to procedures which will carry out a respective function, most of said procedures pointed to corresponding generally to one of a limited number of procedure types, and, for at least some of said software modules, parameters to be passed to said procedures pointed to.
 19. The method of claim 1, wherein step (3) comprises the step of defining said software modules by respective data definitions, includingpointers to procedures which will carry out a respective function, wherein most of said procedures pointed to correspond generally to one of a limited number of procedure types, and wherein at least some of said procedures pointed to also contain further pointers to procedures which do not correspond generally to any one of said limited number of procedure types, and, for at least some of said software modules, parameters to be passed to said procedures pointed to.
 20. The method of claim 1, wherein one or more of said control parameters of step (3) comprise the step of including goals of said process controller.
 21. The method of claim 1, wherein said step of presenting functional structures includes presenting standardized data interface definitions such that the user can specify data having one of plural pre-defined temporal characteristics.
 22. The method of claim 1, wherein said step of presenting functional structures includes presenting standardized data interface definitions such that the user can specify data having one of plural pre-defined temporal characteristics, and said pre-defined temporal characteristics include both current values and also time-averaged values.
 23. The method of claim 1, wherein said step of presenting functional structures includes presenting standardized data interface definitions such that the user can specify data from any one of several different types of control systems having different respective data standards.
 24. The method of claim 1, wherein said functional structure of step (4) comprise the step of using a limited set of standard functional control relationships and a pointer to optional user-customized programming.
 25. The method of claim 1, wherein said process controller and said process supervisor procedure of step (3) comprise the step of using processes running on the same computer system.
 26. The method of claim 1, wherein said process controller of step (2) and said process supervisor procedure of step (3) comprise the step of both using respective parts of the same software system.
 27. The method of claim 1, wherein some of said software modules of step (3) in said process supervisor procedure of step (3) comprise the step of not defining a control relation among said sensors and actuators.
 28. The method of claim 1, wherein said input from said functional structures of step (4) comprise the step of being operationally accessible by said process supervisor procedure.
 29. A computer-based process control system, comprising:(a) one or more sensors connected to sense conditions in the process, and one or more actuators connected to change conditions in the process; (b) a process controller connected to control one or more of said actuators in accordance with deviations between one or more of said sensors and a respective goal condition; (c) process supervisor means, running on a digital computer separate from said process controller, and comprising one or more software modules, connected for communicating one or more of said respective goal conditions to said process controller; (d) build-supervisor means configured for:(1) selectively presenting to a user a functional structure for a new software module for said process supervisor means; (2) upon command, presenting to a user a functional structure corresponding to the user input from which a current of said software modules of said process supervisor means was generated; and (3) selectively loading the user input from said functional structure to be used by said process supervisor means; wherein said process supervisor means has a maximum iteration period significantly longer than the maximum iteration period of said process controller.
 30. The system of claim 29, wherein said build-supervisor means of element (d) does not allow data corresponding to fresh user inputs to become actively accessed by said process supervisor means until a validation run has been performed.
 31. The system of claim 29, wherein said process controller of element (c) uses means for cycling, and said process supervisor means of element (c) uses means for cycling.
 32. The system of claim 29, wherein said process supervisor means of element (c) uses means for cycling, and said process controller of element (c) operates in substantially real-time.
 33. The system of claim 29, wherein only restricted portions of said functional structure of said build-supervisor means of element (d) are user-alterable.
 34. The system of claim 29, wherein portions of said functional structure of said build-supervisor means of element (d) are user-alternable, and appear different to said user than do other portions of said functional structure.
 35. The system of claim 29, wherein said functional structure of said build-supervisor means of element (d) have a substantially natural language format.
 36. The system of claim 29, wherein said process supervisor means of element (c) also calls on at least one expert subprocedure means which includes a knowledge base and inference structure relevant to the process.
 37. The system of claim 27, wherein, for each or said goal conditions of element (b), said process supervisor means of element (c) is constrained not to make changes unless the indicia for the change exceed a certain threshold; and wherein said process supervisor means reports every instance where it changes a goal condition.
 38. The system of claim 29, wherein, for each of said goal conditions of element (b), said process supervisor means of element (c) is constrained not to make changes unless the amount of the change would exceed a certain threshold.
 39. The system of claim 29, wherein said process supervisor means of element (c) implements at least one feedback control relation including a supervisor goal condition, and a deadband on said supervisor goal condition, and also at least one feedforward control relation on input of said sensor, and including a deadband on said input.
 40. The system of claim 29, wherein said functional structure of said build-supervisor means of element (d) permit the user to define timing and sequencing parameters for respective ones of said software modules which include at least the following options:become active in another specified software module has become active; become active if a new value has been entered for a specified data source; or become active if a specified time of inactivity has elapsed.
 41. The system of claim 29, wherein said process supervisor means of element (c) has a maximum iteration period significantly longer than the maximum iteration period of said process controller of element (b).
 42. The system of claim 29, wherein said process controller uses analog logic for controlling.
 43. The system of claim 29, wherein said software modules of element (c) are defined by respective data definitions, includingpointers to means which will carry out a respective function, and (for at least some of said software modules) parameters to be passed to said means pointed to.
 44. The system of claim 29, wherein said software modules of element (c) are defined by respective data definitions, includingpointers to means which will carry out a respective function, most of said means pointed to corresponding generally to one of a limited number of procedure types, and (for at least some of said software modules) parameters to be passed to said means pointed to.
 45. The system of claim 29, wherein said software modules of element (c) are defined by respective data definitions, includingpointers to means for carrying out a respective function,wherein most of said means pointed to correspond generally to one of a limited number of procedure types, and wherein at least some of said means pointed to also contain further pointers to means which do not correspond generally to any one of said limited number of procedure types, and, for at least some of said software modules parameters to be passed to said means pointed to.
 46. The system of claim 29, wherein said presentation of functional structure of said build-supervisor means of element (d) includes presenting standardized data interface definitions such that the user can specify data having one of plural pre-defined temporal characteristics.
 47. The system of claim 29, wherein said functional structure of said build-supervisor means of element (d) include standardized data interface definitions such that the user can specify data having one of plural pre-defined temporal characteristics, and said pre-defined temporal characteristics include both current values and also time-averaged values.
 48. The system of claim 29, wherein said functional structure of said build-supervisor means of element (d) include standardized data interface definitions such that the user can specify data from any one of several different types of control systems having different respective data standards.
 49. The system of claim 29, wherein said functional structure of said build-supervisor means of element (d) include a limited set of standard functional control relationships and a pointer to optional user-customized programming.
 50. The system of claim 29, wherein said process controller of element (b) and said process supervisor means of element (c) comprise processes running on the same computer system.
 51. The system of claim 29, wherein said process controller of element (b) and said process supervisor means of element (c) are both respective parts of the same software system.
 52. The system of claim 29, wherein some of said software modules of element (c) in said process control means do not define a control relation among said sensors and actuators.
 53. The system of claim 29, wherein said input from said functional structures of element (2) is operationally accessible by said process supervisor means.
 54. A computer-based process control system, comprising:(a) one or more sensors connected to sense conditions in the process, and one or more actuators connected to change conditions (1) the process; (b) process control means, comprising one or more software modules for controlling the process, respective ones of said software modules defining a control relation among one or more of said sensors and actuators; (c) build means which is configured to:(1) present to a user a template for a new software module for said process control means; (2) present to a user a template including data corresponding to the user input from which a current software module of said process control means was generated; and (3) selectively loading user input from said template be used by said process control means; wherein each said template presented by said build means includes(i) a standard functional control relationship selected from a limited set, and (ii) a pointer to optional user-customized programming.
 55. The system of claim 54, wherein said build means of element (c) does not allow data corresponding to fresh user inputs to become actively accessed by said process control means of element (b) until a validation run has been performed.
 56. The system of claim 54, wherein said template of said build means of element (c) is user-alterable, and appears differently to said user than do other portions of said template.
 57. The system of claim 54, wherein said template of said build means of element (c) have a substantially natural language format.
 58. The system of claim 54, wherein said process control means of element (b) uses analog logic for controlling.
 59. The system of claim 54, wherein said limited set of standard functional control relationships of said build means of element (c) comprises feedback, feedforward, statistical filtering, and/or null control relationships.
 60. The system of claim 54, wherein said process control means of element (b) and said build means of element (c) comprise processes running on the same computer system.
 61. The system of claim 54, wherein said process control means of element (b) and said build means of element (c) are both respective parts of the same software system.
 62. The system of claim 54, wherein said input from said templates of element (2) are optionally accessible by said process control means.
 63. A computer-based process control system, comprising:(a) one or more sensors connected to sense conditions in the process, and one or more actuators connected to change conditions i the process; (b) process control means, comprising one or more software modules for controlling the process, respective ones of said software modules defining a control relation among one or more of said sensors and actuators; wherein each said software modules includes(i) a standard functional control relationship selected from a limited set, and (ii) a pointer to optional user-customized programming.
 64. A computer-based process control system, comprising:(a) one or more sensors connected to sense conditions in the process, and one or more actuators connected to change conditions the process; (b) process control means, comprising one or more software modules for controlling the process, respective ones of said software moduless defining a control relation among one or more of said sensors and actuators; (c) build means which is configured to:(1) present to a user a functional structure for a ne, software module for said process control means; (2) present to a user a functional structure including data corresponding to the user input from which a current software module of said process control means was generated; and (3) selectively loading the user inputs from said functional structure to be used by said process control means; wherein each said functional structure presented by said build means includes(i) a standard functional control relationship selected from a limited set, and (ii) a pointer to optional user-customized programming. 